directory-commits mailing list archives

From conflue...@apache.org
Subject [CONF] Apache Directory ASN.1 Documentation > Kerberos
Date Fri, 07 May 2010 17:12:00 GMT
<html>
<head>
    <base href="http://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/1810/9/1/_/styles/combined.css?spaceKey=DIRxASN1&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="http://cwiki.apache.org/confluence/display/DIRxASN1/Kerberos">Kerberos</a></h2>
    <h4>Page  <b>added</b> by             <a href="http://cwiki.apache.org/confluence/display/~elecharny">Emmanuel
Lécharny</a>
    </h4>
         <br/>
    <div class="notificationGreySide">
         <p>KerberosV5Spec2 {<br/>
        iso(1) identified-organization(3) dod(6) internet(1)<br/>
        security(5) kerberosV5(2) modules(4) krb5spec2(2)<br/>
} DEFINITIONS EXPLICIT TAGS ::= BEGIN</p>

<p>-- OID arc for KerberosV5<br/>
--<br/>
-- This OID may be used to identify Kerberos protocol messages<br/>
-- encapsulated in other protocols.<br/>
--<br/>
-- This OID also designates the OID arc for KerberosV5-related OIDs.<br/>
--<br/>
-- NOTE: RFC 1510 had an incorrect value (5) for "dod" in its OID.<br/>
id-krb5         OBJECT IDENTIFIER ::= {<br/>
        iso(1) identified-organization(3) dod(6) internet(1)<br/>
        security(5) kerberosV5(2)<br/>
}</p>

<p>Int32           ::= INTEGER (-2147483648..2147483647)<br/>
                    -- signed values representable in 32 bits</p>

<p>UInt32          ::= INTEGER (0..4294967295)<br/>
                    -- unsigned 32 bit values</p>

<p>Microseconds    ::= INTEGER (0..999999)<br/>
                    -- microseconds</p>

<p>KerberosString  ::= GeneralString (IA5String)</p>

<p>Realm           ::= KerberosString</p>

<p>PrincipalName   ::= SEQUENCE {<br/>
        name-type       [0] Int32,<br/>
        name-string     [1] SEQUENCE OF KerberosString<br/>
}</p>

<p>KerberosTime    ::= GeneralizedTime -- with no fractional seconds</p>

<p>HostAddress     ::= SEQUENCE {<br/>
        addr-type       [0] Int32,<br/>
        address         [1] OCTET STRING<br/>
}</p>

<p>-- NOTE: HostAddresses is always used as an OPTIONAL field and<br/>
-- should not be empty.<br/>
HostAddresses   -- NOTE: subtly different from rfc1510,<br/>
                -- but has a value mapping and encodes the same<br/>
        ::= SEQUENCE OF HostAddress</p>

<p>Neuman, et al.              Standards Track                   [Page 123]</p>

<p>RFC 4120                      Kerberos V5                      July 2005</p>

<p>-- NOTE: AuthorizationData is always used as an OPTIONAL field and<br/>
-- should not be empty.<br/>
AuthorizationData       ::= SEQUENCE OF SEQUENCE {<br/>
        ad-type         [0] Int32,<br/>
        ad-data         [1] OCTET STRING<br/>
}</p>

<p>PA-DATA         ::= SEQUENCE {<br/>
        -- NOTE}</p>

<p>KerberosFlags   ::= BIT STRING (SIZE (32..MAX))<br/>
                    -- minimum number of bits shall be sent,<br/>
                    -- but no fewer than 32</p>

<p>EncryptedData   ::= SEQUENCE {<br/>
        etype   [0] Int32 -- EncryptionType --,<br/>
        kvno    [1] UInt32 OPTIONAL,<br/>
        cipher  [2] OCTET STRING -- ciphertext<br/>
}</p>

<p>EncryptionKey   ::= SEQUENCE {<br/>
        keytype         [0] Int32 -- actually encryption type --,<br/>
        keyvalue        [1] OCTET STRING<br/>
}</p>

<p>Checksum        ::= SEQUENCE {<br/>
        cksumtype       [0] Int32,<br/>
        checksum        [1] OCTET STRING<br/>
}</p>

<p>Ticket          ::= [APPLICATION 1] SEQUENCE {<br/>
        tkt-vno         [0] INTEGER (5),<br/>
        realm           [1] Realm,<br/>
        sname           [2] PrincipalName,<br/>
        enc-part        [3] EncryptedData -- EncTicketPart<br/>
}</p>

<p>-- Encrypted part of ticket<br/>
EncTicketPart   ::= [APPLICATION 3] SEQUENCE {<br/>
        flags                   [0] TicketFlags,<br/>
        key                     [1] EncryptionKey,<br/>
        crealm                  [2] Realm,<br/>
        cname                   [3] PrincipalName,<br/>
        transited               [4] TransitedEncoding,<br/>
        authtime                [5] KerberosTime,<br/>
        starttime               [6] KerberosTime OPTIONAL,<br/>
        endtime                 [7] KerberosTime,<br/>
        renew-till              [8] KerberosTime OPTIONAL,<br/>
        caddr                   [9] HostAddresses OPTIONAL,<br/>
        authorization-data      [10] AuthorizationData OPTIONAL<br/>
}</p>

<p>-- encoded Transited field<br/>
TransitedEncoding       ::= SEQUENCE {<br/>
        tr-type         [0] Int32 -- must be registered --,<br/>
        contents        [1] OCTET STRING<br/>
}</p>

<p>TicketFlags     ::= KerberosFlags<br/>
        -- reserved(0),<br/>
        -- forwardable(1),<br/>
        -- forwarded(2),<br/>
        -- proxiable(3),<br/>
        -- proxy(4),<br/>
        -- may-postdate(5),<br/>
        -- postdated(6),<br/>
        -- invalid(7),<br/>
        -- renewable(8),<br/>
        -- initial(9),<br/>
        -- pre-authent(10),<br/>
        -- hw-authent(11),<br/>
-- the following are new since 1510<br/>
        -- transited-policy-checked(12),<br/>
        -- ok-as-delegate(13)</p>

<p>AS-REQ          ::= [APPLICATION 10] KDC-REQ</p>

<p>TGS-REQ         ::= [APPLICATION 12] KDC-REQ</p>

<p>KDC-REQ         ::= SEQUENCE {<br/>
        -- NOTE}</p>

<p>KDC-REQ-BODY    ::= SEQUENCE {<br/>
        kdc-options             [0] KDCOptions,<br/>
        cname                   [1] PrincipalName OPTIONAL<br/>
                                    -- Used only in AS-REQ --,<br/>
        realm                   [2] Realm<br/>
                                    -- Server&#39;s realm<br/>
                                    -- Also client&#39;s in AS-REQ --,<br/>
        sname                   [3] PrincipalName OPTIONAL,<br/>
        from                    [4] KerberosTime OPTIONAL,<br/>
        till                    [5] KerberosTime,<br/>
        rtime                   [6] KerberosTime OPTIONAL,<br/>
        nonce                   [7] UInt32,<br/>
        etype                   [8] SEQUENCE OF Int32 -- EncryptionType<br/>
                                    -- in preference order --,<br/>
        addresses               [9] HostAddresses OPTIONAL,<br/>
        enc-authorization-data  [10] EncryptedData OPTIONAL<br/>
                                    -- AuthorizationData --,<br/>
        additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL<br/>
                                        -- NOTE}</p>

<p>KDCOptions      ::= KerberosFlags<br/>
        -- reserved(0),<br/>
        -- forwardable(1),<br/>
        -- forwarded(2),<br/>
        -- proxiable(3),<br/>
        -- proxy(4),<br/>
        -- allow-postdate(5),<br/>
        -- postdated(6),<br/>
        -- unused7(7),<br/>
        -- renewable(8),<br/>
        -- unused9(9),<br/>
        -- unused10(10),<br/>
        -- opt-hardware-auth(11),<br/>
        -- unused12(12),<br/>
        -- unused13(13),<br/>
-- 15 is reserved for canonicalize<br/>
        -- unused15(15),<br/>
-- 26 was unused in 1510<br/>
        -- disable-transited-check(26),<br/>
--<br/>
        -- renewable-ok(27),<br/>
        -- enc-tkt-in-skey(28),<br/>
        -- renew(30),<br/>
        -- validate(31)</p>

<p>AS-REP          ::= [APPLICATION 11] KDC-REP</p>

<p>TGS-REP         ::= [APPLICATION 13] KDC-REP</p>

<p>KDC-REP         ::= SEQUENCE {<br/>
        pvno            [0] INTEGER (5),<br/>
        msg-type        [1] INTEGER (11 -- AS -- | 13 -- TGS --),<br/>
        padata          [2] SEQUENCE OF PA-DATA OPTIONAL<br/>
                                -- NOTE}</p>

<p>EncASRepPart    ::= [APPLICATION 25] EncKDCRepPart</p>

<p>EncTGSRepPart   ::= [APPLICATION 26] EncKDCRepPart</p>

<p>EncKDCRepPart   ::= SEQUENCE {<br/>
        key             [0] EncryptionKey,<br/>
        last-req        [1] LastReq,<br/>
        nonce           [2] UInt32,<br/>
        key-expiration  [3] KerberosTime OPTIONAL,<br/>
        flags           [4] TicketFlags,<br/>
        authtime        [5] KerberosTime,<br/>
        starttime       [6] KerberosTime OPTIONAL,<br/>
        endtime         [7] KerberosTime,<br/>
        renew-till      [8] KerberosTime OPTIONAL,<br/>
        srealm          [9] Realm,<br/>
        sname           [10] PrincipalName,<br/>
        caddr           [11] HostAddresses OPTIONAL<br/>
}</p>

<p>LastReq         ::=     SEQUENCE OF SEQUENCE {<br/>
        lr-type         [0] Int32,<br/>
        lr-value        [1] KerberosTime<br/>
}</p>

<p>AP-REQ          ::= [APPLICATION 14] SEQUENCE {<br/>
        pvno            [0] INTEGER (5),<br/>
        msg-type        [1] INTEGER (14),<br/>
        ap-options      [2] APOptions,<br/>
        ticket          [3] Ticket,<br/>
        authenticator   [4] EncryptedData -- Authenticator<br/>
}</p>

<p>APOptions       ::= KerberosFlags<br/>
        -- reserved(0),<br/>
        -- use-session-key(1),<br/>
        -- mutual-required(2)</p>

<p>-- Unencrypted authenticator<br/>
Authenticator   ::= [APPLICATION 2] SEQUENCE {<br/>
        authenticator-vno       [0] INTEGER (5),<br/>
        crealm                  [1] Realm,<br/>
        cname                   [2] PrincipalName,<br/>
        cksum                   [3] Checksum OPTIONAL,<br/>
        cusec                   [4] Microseconds,<br/>
        ctime                   [5] KerberosTime,<br/>
        subkey                  [6] EncryptionKey OPTIONAL,<br/>
        seq-number              [7] UInt32 OPTIONAL,<br/>
        authorization-data      [8] AuthorizationData OPTIONAL<br/>
}</p>

<p>AP-REP          ::= [APPLICATION 15] SEQUENCE {<br/>
        pvno            [0] INTEGER (5),<br/>
        msg-type        [1] INTEGER (15),<br/>
        enc-part        [2] EncryptedData -- EncAPRepPart<br/>
}</p>

<p>EncAPRepPart    ::= [APPLICATION 27] SEQUENCE {<br/>
        ctime           [0] KerberosTime,<br/>
        cusec           [1] Microseconds,<br/>
        subkey          [2] EncryptionKey OPTIONAL,<br/>
        seq-number      [3] UInt32 OPTIONAL<br/>
}</p>

<p>KRB-SAFE        ::= [APPLICATION 20] SEQUENCE {<br/>
        pvno            [0] INTEGER (5),<br/>
        msg-type        [1] INTEGER (20),<br/>
        safe-body       [2] KRB-SAFE-BODY,<br/>
        cksum           [3] Checksum<br/>
}</p>

<p>KRB-SAFE-BODY   ::= SEQUENCE {<br/>
        user-data       [0] OCTET STRING,<br/>
        timestamp       [1] KerberosTime OPTIONAL,<br/>
        usec            [2] Microseconds OPTIONAL,<br/>
        seq-number      [3] UInt32 OPTIONAL,<br/>
        s-address       [4] HostAddress,<br/>
        r-address       [5] HostAddress OPTIONAL<br/>
}</p>

<p>KRB-PRIV        ::= [APPLICATION 21] SEQUENCE {<br/>
        pvno            [0] INTEGER (5),<br/>
        msg-type        [1] INTEGER (21),<br/>
                        -- NOTE}</p>

<p>EncKrbPrivPart  ::= [APPLICATION 28] SEQUENCE {<br/>
        user-data       [0] OCTET STRING,<br/>
        timestamp       [1] KerberosTime OPTIONAL,<br/>
        usec            [2] Microseconds OPTIONAL,<br/>
        seq-number      [3] UInt32 OPTIONAL,<br/>
        s-address       [4] HostAddress -- sender&#39;s addr --,<br/>
        r-address       [5] HostAddress OPTIONAL -- recip&#39;s addr<br/>
}</p>

<p>KRB-CRED        ::= [APPLICATION 22] SEQUENCE {<br/>
        pvno            [0] INTEGER (5),<br/>
        msg-type        [1] INTEGER (22),<br/>
        tickets         [2] SEQUENCE OF Ticket,<br/>
        enc-part        [3] EncryptedData -- EncKrbCredPart<br/>
}</p>

<p>EncKrbCredPart  ::= [APPLICATION 29] SEQUENCE {<br/>
        ticket-info     [0] SEQUENCE OF KrbCredInfo,<br/>
        nonce           [1] UInt32 OPTIONAL,<br/>
        timestamp       [2] KerberosTime OPTIONAL,<br/>
        usec            [3] Microseconds OPTIONAL,<br/>
        s-address       [4] HostAddress OPTIONAL,<br/>
        r-address       [5] HostAddress OPTIONAL<br/>
}</p>

<p>KrbCredInfo     ::= SEQUENCE {<br/>
        key             [0] EncryptionKey,<br/>
        prealm          [1] Realm OPTIONAL,<br/>
        pname           [2] PrincipalName OPTIONAL,<br/>
        flags           [3] TicketFlags OPTIONAL,<br/>
        authtime        [4] KerberosTime OPTIONAL,<br/>
        starttime       [5] KerberosTime OPTIONAL,<br/>
        endtime         [6] KerberosTime OPTIONAL,<br/>
        renew-till      [7] KerberosTime OPTIONAL,<br/>
        srealm          [8] Realm OPTIONAL,<br/>
        sname           [9] PrincipalName OPTIONAL,<br/>
        caddr           [10] HostAddresses OPTIONAL<br/>
}</p>

<p>KRB-ERROR       ::= [APPLICATION 30] SEQUENCE {<br/>
        pvno            [0] INTEGER (5),<br/>
        msg-type        [1] INTEGER (30),<br/>
        ctime           [2] KerberosTime OPTIONAL,<br/>
        cusec           [3] Microseconds OPTIONAL,<br/>
        stime           [4] KerberosTime,<br/>
        susec           [5] Microseconds,<br/>
        error-code      [6] Int32,<br/>
        crealm          [7] Realm OPTIONAL,<br/>
        cname           [8] PrincipalName OPTIONAL,<br/>
        realm           [9] Realm -- service realm --,<br/>
        sname           [10] PrincipalName -- service name --,<br/>
        e-text          [11] KerberosString OPTIONAL,<br/>
        e-data          [12] OCTET STRING OPTIONAL<br/>
}</p>

<p>METHOD-DATA     ::= SEQUENCE OF PA-DATA</p>

<p>TYPED-DATA      ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {<br/>
        data-type       [0] Int32,<br/>
        data-value      [1] OCTET STRING OPTIONAL<br/>
}</p>

<p>-- preauth stuff follows</p>

<p>PA-ENC-TIMESTAMP        ::= EncryptedData -- PA-ENC-TS-ENC</p>

<p>PA-ENC-TS-ENC           ::= SEQUENCE {<br/>
        patimestamp     [0] KerberosTime -- client&#39;s time --,<br/>
        pausec          [1] Microseconds OPTIONAL<br/>
}</p>

<p>ETYPE-INFO-ENTRY        ::= SEQUENCE {<br/>
        etype           [0] Int32,<br/>
        salt            [1] OCTET STRING OPTIONAL<br/>
}</p>

<p>ETYPE-INFO              ::= SEQUENCE OF ETYPE-INFO-ENTRY</p>

<p>ETYPE-INFO2-ENTRY       ::= SEQUENCE {<br/>
        etype           [0] Int32,<br/>
        salt            [1] KerberosString OPTIONAL,<br/>
        s2kparams       [2] OCTET STRING OPTIONAL<br/>
}</p>

<p>ETYPE-INFO2             ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY</p>

<p>AD-IF-RELEVANT          ::= AuthorizationData</p>

<p>AD-KDCIssued            ::= SEQUENCE {<br/>
        ad-checksum     [0] Checksum,<br/>
        i-realm         [1] Realm OPTIONAL,<br/>
        i-sname         [2] PrincipalName OPTIONAL,<br/>
        elements        [3] AuthorizationData<br/>
}</p>

<p>AD-AND-OR               ::= SEQUENCE {<br/>
        condition-count [0] Int32,<br/>
        elements        [1] AuthorizationData<br/>
}</p>

<p>AD-MANDATORY-FOR-KDC    ::= AuthorizationData</p>

<p>END</p>
    </div>
</div>
</div>
</div>
</div>
</body>
</html>
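Added example (not part of the original wiki page or of Apache Directory's code): a strict DER reader in Python for the `Ticket` type of the module above, showing how `[APPLICATION 1]` and the `[n]` EXPLICIT tags appear on the wire and which length, ordering and trailing-byte checks a decoder should enforce. The sample ticket bytes, and every value in them, are constructed for illustration.

```python
def read_tlv(buf, off=0):
    """Return (tag, value, next_offset); reject truncated or non-DER lengths."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length >= 0x80:                    # long form: DER requires minimal length
        n = length & 0x7F
        if n == 0 or n > 4 or off + n > len(buf) or buf[off] == 0:
            raise ValueError("bad length encoding")
        length = int.from_bytes(buf[off:off + n], "big")
        if length < 0x80:
            raise ValueError("non-minimal length")
        off += n
    if off + length > len(buf):
        raise ValueError("value overruns buffer")
    return tag, buf[off:off + length], off + length

def only(buf, tag):                       # one TLV, right tag, no trailing bytes
    t, val, end = read_tlv(buf)
    if t != tag or end != len(buf):
        raise ValueError(f"expected tag 0x{tag:02x} filling the buffer")
    return val

def fields(seq_body):
    """Map n -> wrapped inner TLV for a SEQUENCE body of [n] EXPLICIT fields."""
    out, off = {}, 0
    while off < len(seq_body):
        tag, val, off = read_tlv(seq_body, off)
        num = tag & 0x1F
        if tag & 0xE0 != 0xA0 or num == 0x1F or (out and num <= max(out)):
            raise ValueError("unexpected, duplicate or out-of-order field")
        out[num] = val
    return out

def integer(buf):
    return int.from_bytes(only(buf, 0x02), "big", signed=True)

def parse_ticket(der):
    f = fields(only(only(der, 0x61), 0x30))      # [APPLICATION 1] SEQUENCE
    if sorted(f) != [0, 1, 2, 3] or integer(f[0]) != 5:
        raise ValueError("not a version 5 Ticket")
    name, enc = fields(only(f[2], 0x30)), fields(only(f[3], 0x30))
    if not {0, 1} <= set(name) or not {0, 2} <= set(enc):
        raise ValueError("missing mandatory field")
    parts, body, off = [], only(name[1], 0x30), 0
    while off < len(body):                       # SEQUENCE OF KerberosString
        tag, val, off = read_tlv(body, off)
        if tag != 0x1B:
            raise ValueError("name-string element is not a GeneralString")
        parts.append(val.decode("ascii"))
    return {"realm": only(f[1], 0x1B).decode("ascii"), "sname": parts,
            "name_type": integer(name[0]), "etype": integer(enc[0]),
            "kvno": integer(enc[1]) if 1 in enc else None,
            "cipher_len": len(only(enc[2], 0x04))}

# Constructed sample Ticket (made-up realm, names, etype, kvno; zeroed cipher).
SAMPLE = bytes.fromhex(
    "6152 3050 a003 020105"                # [APPLICATION 1] SEQUENCE, tkt-vno 5
    "a10d 1b0b 4558414d504c452e434f4d"     # realm [1] "EXAMPLE.COM"
    "a220 301e a003 020102"                # sname [2]: name-type [0] 2
    "a117 3015 1b06 6b7262746774"          #   name-string [1]: "krbtgt",
    "1b0b 4558414d504c452e434f4d"          #   "EXAMPLE.COM"
    "a318 3016 a003 020112 a103 020101"    # enc-part [3]: etype 18, kvno 1
    "a20a 0408 0000000000000000")          # cipher [2]: 8 placeholder bytes
```

`parse_ticket(SAMPLE)` returns the realm, service name, etype and kvno; the same input with a truncated tail, an appended byte or a long-form length that should have been short-form raises `ValueError`.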
