Service Ticket
Sam Hartman
hartmans at MIT.EDU
Mon Aug 5 11:30:32 EDT 2002
>>>>> "preetam" == preetam R <rpreetam2001 at yahoo.com> writes:
preetam> Hi, I am new to kerberos. I was going through the rfc1510
preetam> and couldn't find answer to the following question:
You're much better off reading
draft-ietf-krb-wg-kerberos-clarifications-* even though it is only a
draft; it gets issues like this much better.
preetam> When a Service Ticket is presented to the application
preetam> server, how will it know as to which algorithm was
preetam> used to encrypt the ticket. The AP_REQ doesn't seem to
preetam> contain anything like algo-used field.
EncryptedData contains an enctype, kvno and an octet-string for the
ciphertext. Since the encrypted part of a ticket is an EncryptedData,
there is an enctype associated with the ticket. There's also an
enctype associated with the session key; they do not need to be the
same and often are not.
Note that RFC 1510 has these two mostly unrelated concepts: etype and
keytype. Doing things that way is underspecified, so instead over the
wire we (and the revised spec) require a one-to-one correspondence
between ktypes and etypes.
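
To show where an application server finds the ticket's algorithm, here is an added example (not part of the original message or of any Kerberos implementation): a minimal Python DER reader for the EncryptedData fields named in the reply (etype, kvno, cipher). The function names and the sample bytes are constructed for illustration, and it assumes the explicit context tags [0], [1] and [2] that Kerberos uses for these fields.

```python
# Added example: minimal DER reader for the Kerberos EncryptedData structure.
# EncryptedData ::= SEQUENCE { etype [0] Int32, kvno [1] UInt32 OPTIONAL,
#                              cipher [2] OCTET STRING }

def read_tlv(buf, pos):
    """Return (tag, value_bytes, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def expect(buf, want_tag):
    """Require buf to be exactly one element with the given tag; return its value."""
    tag, value, end = read_tlv(buf, 0)
    if tag != want_tag or end != len(buf):
        raise ValueError(f"expected a single element with tag 0x{want_tag:02x}")
    return value

def parse_encrypted_data(der):
    """Extract etype, kvno (None if absent) and ciphertext without decrypting."""
    body = expect(der, 0x30)           # outer SEQUENCE
    fields, pos = {}, 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        fields[tag] = value
    if 0xA0 not in fields or 0xA2 not in fields:
        raise ValueError("etype [0] and cipher [2] are mandatory")
    out = {"etype": int.from_bytes(expect(fields[0xA0], 0x02), "big", signed=True),
           "kvno": None,
           "cipher": expect(fields[0xA2], 0x04)}
    if 0xA1 in fields:                 # kvno is OPTIONAL
        out["kvno"] = int.from_bytes(expect(fields[0xA1], 0x02), "big")
    return out

# Constructed sample (not a real ticket): etype 18, kvno 3, 4 placeholder bytes.
SAMPLE = bytes.fromhex("3012" "a003020112" "a103020103" "a2060404deadbeef")
```

The server reads etype and kvno in the clear from the ticket's enc-part, uses them to select the matching key from its key table, and only then decrypts the cipher field.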