directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Issues with the Kerberos Codec...
Date Mon, 15 Nov 2010 12:33:42 GMT
Hi guys,

I'm now hitting a wall with the codec.

We used a technique where each message is having its own grammar, as 
many messages are used in other messages. For instance, a Ticket is used 
as a standalone message, but also in a KDC-REQ-BODY, a KDC-REP, an 
AP-REP, a KRB-CRED. Sadly, if we do call another grammar from inside a 
grammar, then if the PDU is fragmented, we have no way to start again 
where we just stopped, as we have to go down to the grammar we are 
dealing with.

This is not currently handled.

I have to think about it and try to find a fix for that.

Otherwise, we still can process the Kerberos messages in one big 
grammar, as it's done for LDAP, but it will be a giant one, as we won't 
be able to factorize the decoding of common parts like PrincipalName 
(one of the issue is that if you depend on a part of the grammar to 
decode, say, a PrincipalName, then we have to know what will be the next 
step. Here, we have some conflict, as a PrincipalName may be present 
inside many message, but with no way to now what was the message we were 

I will try to think about options.

Note that this is not totally a dead end. What has been done is not lost.

Emmanuel L├ęcharny

View raw message