directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Moyer (JIRA)" <>
Subject [jira] [Commented] (DIRKRB-91) Problems decrypting the TGT in KerberosConnection
Date Wed, 17 Apr 2013 17:45:16 GMT


Steve Moyer commented on DIRKRB-91:

 I found a thread that describes the AS_REP containing an EncTgsRepPart at
and there's a reference to RFC 4120, Section 5.4.2.  The pertinent paragraph is (quote):

Compatibility note: Some implementations unconditionally send an encrypted EncTGSRepPart (application
tag number 26) in this field regardless of whether the reply is a AS-REP or a TGS-REP.  In
the interest of compatibility, implementors MAY relax the check on the tag number of the decrypted

So apparently, it's widely known that (at least) the MIT Kerberos server has this behavior.
> Problems decrypting the TGT in KerberosConnection
> -------------------------------------------------
>                 Key: DIRKRB-91
>                 URL:
>             Project: Directory Kerberos
>          Issue Type: Bug
>            Reporter: Steve Moyer
>            Assignee: Emmanuel Lecharny
>         Attachments: AuthReqAndRep
> See attached packet dumps (libpcap) of the request and response.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

View raw message