directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Emmanuel Lecharny" <elecha...@gmail.com>
Subject PB with a kerberos PDU
Date Fri, 15 Jun 2007 22:24:56 GMT
Hi,

does anyone know if the AS-REQ-PA-ENC-TS.pdu is used anywhere in the code ?

I found something very strange in this PDU (and it seems to be wrong
to me). Here is the semi-decoded PDU :

6a 81 ed 			AS-REQ
  30 81 ea 			KDC-REQ ::= SEQUENCE
    a1 03 			pvno [1] // tag [1]
      02 01 05 			INTEGER, value = 5
    a2 03 			msg-type [2] // tag [2]
      02 01 0a			INTEGER, value = 10, AS
    a3 50 			padata [3] // tag [3]
      30 4e 			SEQUENCE OF PA-DATA
        30 4c 			PA-DATA ::= SEQUENCE
          a1 03 		padata-type [1] // tag [1]
            02 01 02 		INTEGER, value = 2, pa-enc-timestamp (DER
encoding of PA-ENC-TIMESTAMP)
          a2 45 		padata-value [2] // tag [2]
            04 43 		OCTET STRING
              30 41 		PA-ENC-TIMESTAMP :: SEQUENCE
                a0 03 		patimestamp [0] // tag 0
                  02 01 03 	
                a2 3a
                  04 38
                    05 88 76 c7 be fe 1c 31 38 18 37 c2 e3 21 a7 f4
                    ea 10 ef 07 94 cc 2e e9 04 12 51 c8 44 eb fa d8
                    f0 e8 ec 7b 4b ff b4 e6 e4 34 a3 67 f8 ea c3 3e
                    e9 43 d7 15 f1 3b 57 e9

The padata-type is 2, which is a PA-ENC-TIMESTAMP. Then, the first
object in the SEQUENCE in the padata-value OCTET-STRING field should
have been a GeneralizedTime, not a INTEGER (02 01 03)

A clue, anyone ?

-- 
Regards,
Cordialement,
Emmanuel L├ęcharny
www.iktek.com

Mime
View raw message