Clarifications sought on Kerberos SA: TGS_REQ and Server Auth??

Surendra Babu A surendra.a at samsung.com
Wed Dec 7 04:48:08 EST 2005


Hi Kerberos Team,

Could you please let me know your thoughts on the following questions? Thank a lot in advance.
  1. While forming the TGS-REQ pkt, I need to send the Server name with that TGS_REQ packet. For this reason, I need to use krb5_parse_name(). second Parameter for this API is a Server Principal. Should I need to send a qualified Hostname with that? That means, we should know the Host NAme of the server? Without knowing the HOst Name of the Application Server (i.e. If we know only IP Address), can't we form the TGS_REQ packet and get the successful response TGS-REP?? I tyried with IP Address in Principal. But it was not successding. COuld you please let me know your thoughts?

  2. For Server Authentication feature: if the Application Server is a Kerberised ESMTP server, how it should proceed? After sending the Service ticket to ESMTP server, what should happen? Could you please let me know the Client and Applciation Server handshake and transfer machanism till Server Authentication feature happens? Any pointers on this topic are appreciated.

  Please let me know your thoughts. 

  Thank you,
  -Surendra


More information about the Kerberos mailing list