Kerberos and network frames

Ken Raeburn raeburn at MIT.EDU
Mon Sep 16 07:02:53 EDT 2002


"FrXdXric ESNOUF" <frederic at esnouf.net> writes:

> I would like to know if someone can give me some information about kerberos
> and the network frames.
>
> I recently had to use a protocol analyser to see what was going on and saw
> that I don't have a lot of information such as :
>
>     * Why/when TCP/UDP

Depends on the implementation.  MIT's TCP support hasn't been released
yet, so the released code always uses UDP.  For Microsoft, I believe
the deciding factor -- or at least one of them -- is the size of the
message to be sent, and whether it's likely to fit in a single
unfragmented UDP packet in certain common network configurations.

>     * Structure of the data stored in a kerberos frame

RFC 1510 should give you most if not all of the ASN.1 type
definitions.  The ITU specifications for ASN.1 and the DER and BER
(two sets of encoding rules) should tell you how the messages are
actually encoded.

> I tried to find some info in the RFC but did not find all the details I was
> looking for.

You'll need to learn a bit about the ASN.1 encoding rules.  Since
we're using ASN.1, the RFC's description is somewhere between a data
structure and a raw bits-on-the-wire encoding description.

Ken



More information about the Kerberos mailing list