directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <>
Subject [jira] [Created] (DIRKRB-470) cksum field should be set in TGS-REQ authenticator
Date Mon, 23 Nov 2015 06:09:11 GMT
Kai Zheng created DIRKRB-470:

             Summary: cksum field should be set in TGS-REQ authenticator
                 Key: DIRKRB-470
             Project: Directory Kerberos
          Issue Type: Bug
            Reporter: Kai Zheng

Found by [~mlbiam], there is some complaining in MIT KDC when processing TGS-REQ, saying "Inappropriate
type of checksum in message"
Ref. RFC4120 as below, note the field is optional.
   -- Unencrypted authenticator
   Authenticator   ::= [APPLICATION 2] SEQUENCE  {
           authenticator-vno       [0] INTEGER (5),
           crealm                  [1] Realm,
           cname                   [2] PrincipalName,
           cksum                   [3] Checksum OPTIONAL,
           cusec                   [4] Microseconds,
           ctime                   [5] KerberosTime,
           subkey                  [6] EncryptionKey OPTIONAL,
           seq-number              [7] UInt32 OPTIONAL,
           authorization-data      [8] AuthorizationData OPTIONAL

This would enhance to fill the *cksum* field even it's spec-ed as *optional*.

This message was sent by Atlassian JIRA

View raw message