directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRKRB-509) Add SupportedKDFs in AuthPack
Date Fri, 25 Dec 2015 07:36:49 GMT

    [ https://issues.apache.org/jira/browse/DIRKRB-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15071397#comment-15071397
] 

Kai Zheng commented on DIRKRB-509:
----------------------------------

Very cool to figure this out!! Note I heard this draft but never saw it before. :(

> Add SupportedKDFs in AuthPack
> -----------------------------
>
>                 Key: DIRKRB-509
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-509
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 1.0.0-RC2
>            Reporter: Jiajia Li
>            Assignee: Jiajia Li
>
> In mit source code k5-int-pkinit.h:
> {code}
> /** AuthPack from RFC 4556*/
> typedef struct _krb5_auth_pack {
>     krb5_pk_authenticator       pkAuthenticator;
>     krb5_subject_pk_info        *clientPublicValue; /* Optional */
>     krb5_algorithm_identifier   **supportedCMSTypes; /* Optional */
>     krb5_data                   clientDHNonce; /* Optional */
>     krb5_data                   **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
> } krb5_auth_pack;
> {code}
> So we need add supportedKDFs in following define to enable decode the mit request.
> {code}
>  AuthPack ::= SEQUENCE {
>      pkAuthenticator         [0] PKAuthenticator,
>      clientPublicValue       [1] SubjectPublicKeyInfo OPTIONAL,
>      supportedCMSTypes       [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
>      clientDHNonce           [3] DHNonce OPTIONAL
>  }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message