dotnet / Kerberos.NET

A Kerberos implementation built entirely in managed code.
MIT License

Version of tickets #211

Open Zubastic opened 3 years ago

Zubastic commented 3 years ago

Is your feature request related to a problem? Please describe.
https://github.com/dotnet/Kerberos.NET/issues/180

Problem with different versions of the token and the keytab file. So if the token version is more than the keytab version, we shouldn't try to decrypt and could just throw an error, isn't it?

Describe the solution you'd like
Check the version and return an Invalid checksum error.

SteveSyfuhs commented 3 years ago

You mean the kvno in the ticket encrypted data? There's no guarantee it'll be present, or match what's in the keytab unfortunately. In most cases the keytab version doesn't have knowledge of the version stored in the directory so it wouldn't make sense to compare.

Zubastic commented 3 years ago

> You mean the kvno in the ticket encrypted data? There's no guarantee it'll be present, or match what's in the keytab unfortunately. In most cases the keytab version doesn't have knowledge of the version stored in the directory so it wouldn't make sense to compare.

I got invalid checksum version multiple times, and every time the kvno and the keytab version didn't match :( Now I check it with KerbDump (KerbDumpCore fails with an invalid checksum error). Maybe log a warning?
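
The warning-only check raised at the end of this thread, as an added example that is not code from Kerberos.NET or from either commenter: it reads the kvno values out of an MIT-format (0x0502) keytab and warns when a ticket's kvno is not among them, treating an absent ticket kvno as "unknown" rather than as an error. All function names and the sample keytab are constructed for illustration.

```python
import logging
import struct

log = logging.getLogger("kvno-check")

def counted(buf, off):
    # Read a uint16-length-prefixed byte string; return (bytes, next offset).
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def keytab_kvnos(data):
    # Return [(principal, enctype, kvno)] for every live entry in the keytab.
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    out, off = [], 2
    while off + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, off)
        off += 4
        if size <= 0:                  # negative size marks a deleted entry (hole)
            off += -size
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", data, off)
        realm, p = counted(data, off + 2)
        comps = []
        for _ in range(ncomp):
            c, p = counted(data, p)
            comps.append(c)
        p += 8                         # skip name type (4) and timestamp (4)
        kvno, etype = struct.unpack_from(">BH", data, p)
        _key, p = counted(data, p + 3)
        if end - p >= 4:               # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", data, p)[0] or kvno
        out.append((b"/".join(comps).decode() + "@" + realm.decode(), etype, kvno))
        off = end
    return out

def check_kvno(ticket_kvno, etype, entries):
    # Diagnostic only: kvno is optional in the ticket, so never block decryption.
    have = sorted({k for _, e, k in entries if e == etype})
    if ticket_kvno is None or ticket_kvno in have:
        return None
    msg = f"ticket kvno {ticket_kvno} (etype {etype}) not in keytab kvnos {have}"
    log.warning(msg)
    return msg

def sample_entry(kvno):                # constructed entry with an all-zero key
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", 2) + cs(b"EXAMPLE.TEST") + cs(b"HTTP") + cs(b"web.example.test")
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, 18) + cs(bytes(32)) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

SAMPLE_KEYTAB = b"\x05\x02" + sample_entry(3) + sample_entry(4)  # constructed sample
```
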