directory-dev mailing list archives

From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DIRKRB-470) cksum field should be set in TGS-REQ authenticator
Date Mon, 23 Nov 2015 06:09:11 GMT
Kai Zheng created DIRKRB-470:
--------------------------------

             Summary: cksum field should be set in TGS-REQ authenticator
                 Key: DIRKRB-470
                 URL: https://issues.apache.org/jira/browse/DIRKRB-470
             Project: Directory Kerberos
          Issue Type: Bug
            Reporter: Kai Zheng


Found by [~mlbiam]: there is some complaining in MIT KDC when processing TGS-REQ, saying "Inappropriate type of checksum in message".
Ref. RFC4120 as below; note the field is optional.
{noformat}
   -- Unencrypted authenticator
   Authenticator   ::= [APPLICATION 2] SEQUENCE  {
           authenticator-vno       [0] INTEGER (5),
           crealm                  [1] Realm,
           cname                   [2] PrincipalName,
           cksum                   [3] Checksum OPTIONAL,
           cusec                   [4] Microseconds,
           ctime                   [5] KerberosTime,
           subkey                  [6] EncryptionKey OPTIONAL,
           seq-number              [7] UInt32 OPTIONAL,
           authorization-data      [8] AuthorizationData OPTIONAL
   }
{noformat}

This would enhance to fill the *cksum* field even though it's spec-ed as *optional*.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
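
An added illustration following the report above (not part of the original message and not Apache Kerby code): a small DER walker that lists which fields a plaintext Authenticator carries, so an encoder's output can be checked for the *cksum* element. The function names are hypothetical, and the realm, principal name and checksum bytes in the sample are constructed.

```python
# Added example: which fields does an unencrypted Authenticator (RFC 4120) carry?
FIELDS = ["authenticator-vno", "crealm", "cname", "cksum", "cusec",
          "ctime", "subkey", "seq-number", "authorization-data"]

def tlv(tag, value):
    """Encode one DER TLV with a definite length."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def read_tlv(buf, pos=0):
    """Decode one DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long-form length
        size = length & 0x7F
        if size == 0 or pos + size > len(buf):
            raise ValueError("bad length")
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def authenticator_fields(der):
    """Map field name -> raw contents of each [n] element that is present."""
    tag, body, _ = read_tlv(der)
    if tag != 0x62:                       # [APPLICATION 2], constructed
        raise ValueError("not an Authenticator")
    tag, seq, _ = read_tlv(body)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    found, pos = {}, 0
    while pos < len(seq):
        tag, value, pos = read_tlv(seq, pos)
        if tag & 0xE0 != 0xA0 or (tag & 0x1F) >= len(FIELDS):
            raise ValueError("unexpected tag 0x%02x" % tag)
        found[FIELDS[tag & 0x1F]] = value
    return found

def sample_authenticator(with_cksum):
    """Constructed input: realm, principal and checksum bytes are made up."""
    integer = lambda n: tlv(0x02, bytes([n]))
    parts = [tlv(0xA0, integer(5)), tlv(0xA1, tlv(0x1B, b"EXAMPLE.COM")),
             tlv(0xA2, tlv(0x30, tlv(0xA0, integer(1)) +
                           tlv(0xA1, tlv(0x30, tlv(0x1B, b"alice")))))]
    if with_cksum:  # Checksum ::= SEQUENCE { cksumtype [0], checksum [1] }
        parts.append(tlv(0xA3, tlv(0x30, tlv(0xA0, integer(16)) +
                                   tlv(0xA1, tlv(0x04, bytes(12))))))
    parts += [tlv(0xA4, integer(0)), tlv(0xA5, tlv(0x18, b"20151123060911Z"))]
    return tlv(0x62, tlv(0x30, b"".join(parts)))
```

`"cksum" in authenticator_fields(der)` is the check; in a real exchange the Authenticator is encrypted inside the AP-REQ, so this applies to the encoder's plaintext output before encryption.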
