[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: About one unknown padata type 129



data: the pure data without der tag, class and length boundary. Forexample, principal type, principal value, realm, and a constant string'Kerberos'.key: tgs session key.key-usage: KRB5_OTHER...checksum type: -138
On 11/20/06, Love Hörnquist Åstrand <lha@kth.se> wrote:> Over what data is the checksum generated, using what key and key-usage ?>> Love>>> 19 nov 2006 kl. 08.11 skrev Ralph:>> > Thanks a lot.> >> > Finally, I found the structure of this padata with the type 129. It's> > called PA-S4U2Self. The checksum inside it is generated with data> > without asn1 boundary seperators. :-)> >> > Ralph> >> > On 11/16/06, Love Hörnquist Åstrand <lha@kth.se> wrote:> >> 16 nov 2006 kl. 06.10 skrev Ralph:> >>> >> > What's the meaning of 'not compatible'? Do you mean Heimdal has> >> > already know the structure of this piece of data (padata 129)? Or,> >> > does Heimdal use another approach to prived Constrained> >> Delegation and> >> > Protocol Transition?> >>> >> There is a diffrent wireformat today since I don't know what the> >> format was.> >> Also note that since there is no PAC in Heimdal, there needs to be a> >> diffrent> >> solution for checking the validity of the request.> >>> >> !
See the end of tests/kdc/check-kdc.in how to use it.> >>> >> Love> >>> >>> >>>>