directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (DIRKRB-470) cksum field should be set in TGS-REQ authenticator
Date Mon, 23 Nov 2015 06:18:10 GMT

     [ https://issues.apache.org/jira/browse/DIRKRB-470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kai Zheng reassigned DIRKRB-470:
--------------------------------

    Assignee: Kai Zheng

> cksum field should be set in TGS-REQ authenticator
> --------------------------------------------------
>
>                 Key: DIRKRB-470
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-470
>             Project: Directory Kerberos
>          Issue Type: Bug
>            Reporter: Kai Zheng
>            Assignee: Kai Zheng
>
> Found by [~mlbiam], there is some complaining in MIT KDC when processing TGS-REQ, saying
"Inappropriate type of checksum in message"
> Ref. RFC4120 as below, note the field is optional.
> {noformat}
>    -- Unencrypted authenticator
>    Authenticator   ::= [APPLICATION 2] SEQUENCE  {
>            authenticator-vno       [0] INTEGER (5),
>            crealm                  [1] Realm,
>            cname                   [2] PrincipalName,
>            cksum                   [3] Checksum OPTIONAL,
>            cusec                   [4] Microseconds,
>            ctime                   [5] KerberosTime,
>            subkey                  [6] EncryptionKey OPTIONAL,
>            seq-number              [7] UInt32 OPTIONAL,
>            authorization-data      [8] AuthorizationData OPTIONAL
>    }
> {noformat}
> This would enhance to fill the *cksum* field even it's spec-ed as *optional*.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message