You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Kai Zheng (JIRA)" <ji...@apache.org> on 2015/11/23 07:09:11 UTC

[jira] [Created] (DIRKRB-470) cksum field should be set in TGS-REQ authenticator

Kai Zheng created DIRKRB-470:
--------------------------------

             Summary: cksum field should be set in TGS-REQ authenticator
                 Key: DIRKRB-470
                 URL: https://issues.apache.org/jira/browse/DIRKRB-470
             Project: Directory Kerberos
          Issue Type: Bug
            Reporter: Kai Zheng


Found by [~mlbiam], there is some complaining in MIT KDC when processing TGS-REQ, saying "Inappropriate type of checksum in message"
Ref. RFC4120 as below, note the field is optional.
{noformat}
   -- Unencrypted authenticator
   Authenticator   ::= [APPLICATION 2] SEQUENCE  {
           authenticator-vno       [0] INTEGER (5),
           crealm                  [1] Realm,
           cname                   [2] PrincipalName,
           cksum                   [3] Checksum OPTIONAL,
           cusec                   [4] Microseconds,
           ctime                   [5] KerberosTime,
           subkey                  [6] EncryptionKey OPTIONAL,
           seq-number              [7] UInt32 OPTIONAL,
           authorization-data      [8] AuthorizationData OPTIONAL
   }
{noformat}

This would enhance to fill the *cksum* field even it's spec-ed as *optional*.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)