[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tag values in decode_PA_PK_AS_REQ_Win2k()

Love Hörnquist Åstrand wrote:
> 16 nov 2006 kl. 05.50 skrev Olga Kornievskaia:
>> It seems that tag values were shifted by 1.
> It does not work for you when using it with windows 2003 server ?
> I think ms just got it wrong.
as far as i can tell, heimdal code has no way of populating the 
trustedCertifiers while sending a request to a win2k  kdc. therefore, i 
can't tell if heimdal client works against win2k kdc.

as for microsoft getting it wrong, i'm not sure i follow. the spec says 
that the tag values should be 0-3 yet the heimdal implementation has 
different values. my question is where did those values come from?

i don't know what values microsoft use because i was unsuccessful in 
getting CITI's version of draft9 truestedCertifiers to work with win2k. 
i've been told that microsoft didn't implement draft9 exactly. however, 
i'm not sure how to tell what tag values did they use.