You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Kai Zheng (JIRA)" <ji...@apache.org> on 2015/11/23 07:18:10 UTC
[jira] [Resolved] (DIRKRB-470) cksum field should be set in TGS-REQ
authenticator
[ https://issues.apache.org/jira/browse/DIRKRB-470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kai Zheng resolved DIRKRB-470.
------------------------------
Resolution: Fixed
commit df6ba15d4f990b104efcf36ede913f4eeb09a872
Author: Drankye <dr...@gmail.com>
Date: Tue Nov 24 14:16:32 2015 +0800
DIRKRB-469 & DIRKRB-470 setting vno & cksum fields when making authenticator
> cksum field should be set in TGS-REQ authenticator
> --------------------------------------------------
>
> Key: DIRKRB-470
> URL: https://issues.apache.org/jira/browse/DIRKRB-470
> Project: Directory Kerberos
> Issue Type: Bug
> Reporter: Kai Zheng
>
> Found by [~mlbiam], there is some complaining in MIT KDC when processing TGS-REQ, saying "Inappropriate type of checksum in message"
> Ref. RFC4120 as below, note the field is optional.
> {noformat}
> -- Unencrypted authenticator
> Authenticator ::= [APPLICATION 2] SEQUENCE {
> authenticator-vno [0] INTEGER (5),
> crealm [1] Realm,
> cname [2] PrincipalName,
> cksum [3] Checksum OPTIONAL,
> cusec [4] Microseconds,
> ctime [5] KerberosTime,
> subkey [6] EncryptionKey OPTIONAL,
> seq-number [7] UInt32 OPTIONAL,
> authorization-data [8] AuthorizationData OPTIONAL
> }
> {noformat}
> This would enhance to fill the *cksum* field even it's spec-ed as *optional*.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)