GSSAPI Kerberos mechanism
Richard Sharpe
rsharpe at ns.aus.com
Fri Sep 6 05:13:01 GMT 2002
Hi,
I think that this document is close to defining the format of KRB5
requests in GSSAPI/SPNEGO
draft-ietf-cat-iakerb-04.txt
It says that this is the format:
InitialContextToken ::=
[APPLICATION 0] IMPLICIT SEQUENCE {
thisMech MechType
-- MechType is OBJECT IDENTIFIER
-- representing "Kerberos V5"
innerContextToken ANY DEFINED BY thisMech
-- contents mechanism-specific;
-- ASN.1 usage within innerContextToken
-- is not required
and that:
The innerContextToken consists of a 2-byte TOK_ID field (defined below),
followed by the Kerberos V5 KRB-AS-REQ, KRB-AS-REP, KRB-TGS-REQ, or
KRB-TGS-REP messages, as appropriate. The TOK_ID field shall be one of the
following values, to denote that the message is either a request to the
KDC or a response from the KDC.
Message TOK_ID
KRB-KDC-REQ 00 03
KRB-KDC-REP 01 03
This is very close to what we see. The actual TOK_IDs seem to be:
KRB-KDC-REQ 0x0001
KRB-KDC-REP 0x0002
KRB-ERROR 0x0003
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com
More information about the samba-technical
mailing list