Suitable Kerberos Server for Packet cable ??

Love Hörnquist Åstrand lha at kth.se
Thu Jan 15 13:15:30 EST 2009


Older versions of heimdal did work with packet cable but since I  
didn't have anything to test with I broke it on purpose when code  
changed.

Love


15 jan 2009 kl. 00.32 skrev ronnie sahlberg:

> I think there is a company called Blue-Cable or something that does
> these things.
>
>
> I doubt that either a MIT or  Heimdal (or any rfc1510) server will
> work since packet-cable uses a non-1510 implementation of kerberos 5.
> Its very similar but there are subtle differences.
> They use either a pre-1510 draft or a forked different standard, dont
> know which, suspect the first.
>
>> From experience implementing both packetcable and also 1510 in
> wireshark we got around this by changing the ASN to make some
> structure fields OPTIONAL which were OPTIONAL in packet-cable but were
> mandatory in the official 1510.
>
> The changes I had to make was rather smallish and I did put a comment
> in packet-kerberos.c in wireshark to indicate these non-1510 changes.
> This was possible since we only unmarshall packets and never marshall
> them and thus sprinkling the ASN with extra OPTIONAL is harmless.
>
> There might be additional changes required  if you also need to
> marshall data. Dont know. You take lots of shortcuts when you only
> unmarshall data.
>
>
> I think I recall also other differences (not ASN changes) that related
> to things like preauthentication types/blobs, enctypes, salt blobs
> etc etc.
> (Some which actually surprised me when they were resurrected in
> microsoft ad krb5   with the same numbers and the same meaning
> sometime around when w2k3 was released).
>
>
> Was a long time ago I did packetcable for wireshark so my memory is  
> hazy...
> There was at some point a post on the wireshark mailinglist (long
> after i implemented the packetcable changes in ws) that linked to a
> full set of official specification for packetcable and in particular
> their krb5 implementation.
> This was in the days when wireshark was called ethereal.
>
>
> regards
> ronnie sahlberg
>
>
> On Thu, Jan 15, 2009 at 7:08 PM, Aleem AKHTAR <aleem.akhtar at st.com>  
> wrote:
>>
>> Hi,
>>
>> Could I get information which kerberos server is best suited for  
>> Packet cable project specification. Is there any limitation if we  
>> use open source krb5 server published by MIT ??
>> In wireshark the incompatibility issue between 1510 and packetcable  
>> is minor since we only ever unmarshall packets and never mashall  
>> them.
>>
>> Thanks,
>> Aleem
>>
>>
>> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos




More information about the Kerberos mailing list