
Re: About one unknown padata type 129



On 21 Nov 2006, at 02:29, Ralph wrote:

> data: the pure data without der tag, class and length boundary. For
> example, principal type, principal value, realm, and a constant string
> 'Kerberos'.

Is the type field encoded as an int32, in what byte order?

> key: tgs session key.
> key-usage: KRB5_OTHER...

KRB5_KU_OTHER_CKSUM = 17?

> checksum type: -138

Thanks,
Love



> On 11/20/06, Love Hörnquist Åstrand <lha@kth.se> wrote:
>> Over what data is the checksum generated, using what key and key-usage?
>>
>> Love
>>
>>
>> On 19 Nov 2006, at 08:11, Ralph wrote:
>>
>> > Thanks a lot.
>> >
>> > Finally, I found the structure of this padata with the type 129. It's
>> > called PA-S4U2Self. The checksum inside it is generated with data
>> > without asn1 boundary separators. :-)
>> >
>> > Ralph
>> >
>> > On 11/16/06, Love Hörnquist Åstrand <lha@kth.se> wrote:
>> >> On 16 Nov 2006, at 06:10, Ralph wrote:
>> >>
>> >> > What's the meaning of 'not compatible'? Do you mean Heimdal
>> >> > already knows the structure of this piece of data (padata 129)? Or,
>> >> > does Heimdal use another approach to provide Constrained Delegation and
>> >> > Protocol Transition?
>> >>
>> >> There is a different wire format today since I don't know what the
>> >> format was.
>> >> Also note that since there is no PAC in Heimdal, there needs to be a
>> >> different solution for checking the validity of the request.
>> >>
>> >> See the end of tests/kdc/check-kdc.in how to use it.
>> >>
>> >> Love
>> >>
>> >>
>> >>
>>
>>
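
Added example, not part of the original thread and not Heimdal's code: a sketch of how a verifier could recompute the PA-S4U2Self (padata 129) checksum from the fields Ralph lists. It assumes the name type is packed as a 4-byte little-endian int32, as [MS-SFU] specifies, and the HMAC-MD5 checksum of RFC 4757; the function names, sample principal and sample key are constructed for illustration.

```python
import hashlib
import hmac
import struct

KRB5_KU_OTHER_CKSUM = 17    # key usage discussed in the thread
HMAC_MD5_CKSUMTYPE = -138   # checksum type given in the thread
AUTH_PACKAGE = b"Kerberos"  # constant string given in the thread


def s4u_checksum_input(name_type, name_strings, realm):
    """Concatenate raw field values; no DER tag, class or length octets."""
    # Assumption from [MS-SFU]: name type is a 4-byte little-endian int32.
    blob = struct.pack("<i", name_type)
    blob += b"".join(s.encode("utf-8") for s in name_strings)
    blob += realm.encode("utf-8")
    # Field boundaries are not part of the input, so ["al", "ice"] and
    # ["alice"] produce the same bytes.
    return blob + AUTH_PACKAGE


def hmac_md5_checksum(key, usage, data):
    """HMAC-MD5 checksum as defined in RFC 4757, section 4."""
    ksign = hmac.new(key, b"signaturekey\x00", hashlib.md5).digest()
    inner = hashlib.md5(struct.pack("<I", usage) + data).digest()
    return hmac.new(ksign, inner, hashlib.md5).digest()


def verify_pa_for_user(key, name_type, name_strings, realm, cksumtype, cksum):
    """Verifier side: recompute from the decoded fields, compare in constant time."""
    if cksumtype != HMAC_MD5_CKSUMTYPE or len(cksum) != 16:
        return False
    data = s4u_checksum_input(name_type, name_strings, realm)
    expected = hmac_md5_checksum(key, KRB5_KU_OTHER_CKSUM, data)
    return hmac.compare_digest(expected, cksum)


if __name__ == "__main__":
    session_key = bytes(range(16))  # constructed sample key, not a real one
    data = s4u_checksum_input(1, ["alice"], "EXAMPLE.COM")  # 1 = NT-PRINCIPAL
    cksum = hmac_md5_checksum(session_key, KRB5_KU_OTHER_CKSUM, data)
    print(data, cksum.hex())
    print(verify_pa_for_user(session_key, 1, ["alice"], "EXAMPLE.COM", -138, cksum))
```
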