directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Moyer (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-91) Problems decrypting the TGT in KerberosConnection
Date Wed, 17 Apr 2013 17:45:16 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-91?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13634239#comment-13634239
] 

Steve Moyer commented on DIRKRB-91:
-----------------------------------

 I found a thread that describes the AS_REP containing an EncTgsRepPart at http://kerberos.996246.n3.nabble.com/HELP-invalid-AS-REP-from-Linux-running-MIT-Kerberos-V5-td14527.html
and there's a reference to RFC 4120, Section 5.4.2.  The pertinent paragraph is (quote):

Compatibility note: Some implementations unconditionally send an encrypted EncTGSRepPart (application
tag number 26) in this field regardless of whether the reply is a AS-REP or a TGS-REP.  In
the interest of compatibility, implementors MAY relax the check on the tag number of the decrypted
ENC-PART.

So apparently, it's widely known that (at least) the MIT Kerberos server has this behavior.
                
> Problems decrypting the TGT in KerberosConnection
> -------------------------------------------------
>
>                 Key: DIRKRB-91
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-91
>             Project: Directory Kerberos
>          Issue Type: Bug
>            Reporter: Steve Moyer
>            Assignee: Emmanuel Lecharny
>         Attachments: AuthReqAndRep
>
>
> See attached packet dumps (libpcap) of the request and response.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message