FW: Kerberos question/bug

Greg Hudson ghudson at mit.edu
Thu Dec 28 14:44:19 EST 2017


On 12/28/2017 02:18 AM, William HARDY wrote:
> What is supposed to be in the TGS-REQ (Kerberos->tgs-req->req-body->sname->name-string->KerberosString: ? )

sname contains the server principal name.  RFC 4120 describes the
protocol in detail.

> It seems that from the same machine (resolving on the same DNS servers), the contents of this field differ in a Wireshark capture depending on the application used even though the destination server is the same. What is supposed to be in “KerberosString” field? What determines the content of this field?

It is common for server principal names to have two components (two
KerberosStrings in the name-string sequence), where the first names the
application protocol and the second names the server host.  So the first
component might be "host" (typically for ssh) or "ldap" or "HTTP", and
the second is the FQDN of the server host.
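
The following Python example is added here and is not part of the original message or of any Kerberos implementation. It splits textual principal names into the name-string components described above and groups them by server host, which is why captures toward one server show different first components per application. The principals and the EXAMPLE.COM realm are constructed; the text syntax ('/' separator, '@' realm, backslash quoting) follows RFC 1964 section 2.1.1.

```python
# Added example: split Kerberos principal text into the name-string
# components seen in a TGS-REQ sname. All sample principals are constructed.
_ESCAPES = {"n": "\n", "t": "\t", "b": "\b", "0": "\0"}

def parse_principal(text):
    """Return (components, realm); realm is None without an '@realm' part.

    '/' separates components, '@' starts the realm, and a backslash
    quotes the following character (RFC 1964 section 2.1.1 text form).
    """
    components, current, realm = [], [], None
    in_realm = False
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\":
            if i + 1 == len(text):
                raise ValueError("trailing backslash")
            current.append(_ESCAPES.get(text[i + 1], text[i + 1]))
            i += 2
            continue
        if ch == "@":
            if in_realm:
                raise ValueError("more than one unquoted '@'")
            components.append("".join(current))
            current, in_realm = [], True
        elif ch == "/" and not in_realm:
            components.append("".join(current))
            current = []
        else:
            current.append(ch)
        i += 1
    if in_realm:
        realm = "".join(current)
    else:
        components.append("".join(current))
    return components, realm

def services_by_host(principals):
    """Map host -> sorted first components of two-component principals."""
    hosts = {}
    for p in principals:
        comps, _ = parse_principal(p)
        if len(comps) == 2:
            # Lowercased only to group DNS names; principals are case-sensitive.
            hosts.setdefault(comps[1].lower(), set()).add(comps[0])
    return {h: sorted(s) for h, s in hosts.items()}

# Constructed sample: three applications requesting tickets for one server.
SAMPLE = ["host/srv1.example.com@EXAMPLE.COM", "HTTP/srv1.example.com@EXAMPLE.COM",
          "ldap/srv1.example.com@EXAMPLE.COM"]
```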

