Monthly Archives: January 2017

Yes, Kerberos works with macOS VNC

Kerberos authentication and an encryption cipher will be applied if your Mac is bound to Windows Active Directory (say, Windows 2012), you uncheck the VNC boxes for control screen and password, and you set a domain local admin in Users & Groups.

The native OSX VNC connection will initiate Kerberos 5 and show up in the frame communications as krb5-nt-principal.
Then the “etype 4 items” will be tried in order in the as-req, followed by the as-reply (authentication service request and reply) from the authentication server within the KDC (key distribution center). It will use the same set of encryption types for the session and secret keys here, which will be AES256-CTS-HMAC-SHA1-96.

In the tgs-req (ticket-granting service request) from the KDC (key distribution center) there will be the same presentation of types:

AES256-CTS-HMAC-SHA1-96
AES128-CTS-HMAC-SHA1-96
DES3-CBC-SHA1
ARCFOUR-HMAC-MD5

The tgs-rep (ticket-granting service reply) will show ARCFOUR-HMAC-MD5 with a cipher, followed by AES256-CTS-HMAC-SHA1-96 with another cipher outside of the ticket but within the reply.
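
The etype order in a request and the etypes seen in the tgs-rep can be checked from capture bytes. This is an added example, not part of the original post: it decodes the DER-encoded etype list of a request and reports whether the etype used on a ticket is weaker than the strongest one offered, as with the ARCFOUR-HMAC-MD5 ticket described above. The byte string and the strength ranking are assumptions constructed for illustration.

```python
# Etype numbers follow RFC 3961/3962/4757; names are written as the post shows them.
ETYPES = {
    18: "AES256-CTS-HMAC-SHA1-96",
    17: "AES128-CTS-HMAC-SHA1-96",
    16: "DES3-CBC-SHA1",
    23: "ARCFOUR-HMAC-MD5",
}
# Strength ranking used for the comparison (higher is stronger). This ordering
# is an assumption of the example; unknown etypes rank 0 and are always flagged.
STRENGTH = {18: 4, 17: 3, 16: 2, 23: 1}


def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def parse_etype_field(field):
    """Decode 'etype [8] SEQUENCE OF Int32' from a KDC-REQ-BODY, keeping order."""
    tag, inner, _ = read_tlv(field, 0)
    if tag != 0xA8:
        raise ValueError("not the [8] etype field")
    tag, seq, _ = read_tlv(inner, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    etypes, pos = [], 0
    while pos < len(seq):
        tag, val, pos = read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        etypes.append(int.from_bytes(val, "big", signed=True))
    return etypes


def weaker_than_offered(offered, used):
    """True when the etype actually used ranks below the strongest one requested."""
    best = max(STRENGTH.get(e, 0) for e in offered)
    return STRENGTH.get(used, 0) < best


# Constructed etype field listing 18, 17, 16, 23 in the order shown in the post.
REQ_ETYPES = bytes.fromhex("a80e300c020112020111020110020117")
```

The ticket inside a tgs-rep is encrypted with the service's key, so a weaker etype there than the client offered reflects the keys available for that service account rather than the client's preference.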