Maximum AP and AS message sizes
Tim Alsop
Tim.Alsop at CyberSafe.Ltd.UK
Mon Jul 21 11:35:26 EDT 2003
Eric,
I have seen in excess of 4k, but in your particular requriements the buffer may not need to be anywhere near that large. If you can confirm the usage scenario (e.g. is this a PacketCable compliant MTA ?) I can give you a better feel for size limits involved.
Tim.
_____
From: Naud, Eric [mailto:eric.naud at Terayon.com]
Sent: 21 July 2003 16:35
To: 'Tim Alsop'; Naud, Eric; kerberos at mit.edu
Subject: RE: Maximum AP and AS message sizes
Hi Tim,
Thanks for the quick response, but concerning the sizes are we talking 500 bytes, 1k, 2k? Statically allocating 4k on an embedded system is a little heavy so I'd like get a ballpark idea for the upper boudries on the reply messages.
What are the largest numbers you've seen?
Eric Naud
Software Development Engineer, Ottawa Design Center
Imedia Semiconductor
613.592.1052 x232
mailto:eric.naud at imedia.com <mailto:eric.naud at imedia.com>
---------------------------------------------------------------------------------
-----Original Message-----
From: Tim Alsop [mailto:Tim.Alsop at CyberSafe.Ltd.UK]
Sent: July 21, 2003 11:27 AM
To: Naud, Eric; kerberos at mit.edu
Subject: RE: Maximum AP and AS message sizes
Eric,
You also need to consider :
i) Whether IP addresses are stored in the tickets. In particular on a multi homed system the number of addresses can be quite large.
ii) Whether the KDC is a Microsoft KDC because PAC data will be stored in tickets.
These, along with PKINIT requirements are the major contributors to large tickets, and hence large request/response packets to/from the KDC.
Cheers, Tim.
-----Original Message-----
From: Naud, Eric [mailto:eric.naud at Terayon.com <mailto:eric.naud at Terayon.com> ]
Sent: 21 July 2003 16:23
To: kerberos at mit.edu
Subject: Maximum AP and AS message sizes
Hi All,
Can anyone tell me what the AP and AS message size maximums would be and what factor are to be considered?
I'm using PKINIT so I know my AS request will be rather large due to the certificate.
Thank!
Eric Naud
Software Development Engineer, Ottawa Design Center Imedia Semiconductor
613.592.1052 x232
mailto:eric.naud at imedia.com <mailto:eric.naud at imedia.com>
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos <https://mailman.mit.edu/mailman/listinfo/kerberos>
More information about the Kerberos
mailing list