max size for ap-req and ap-rep?

Greg Hudson ghudson at MIT.EDU
Mon Aug 8 01:38:36 EDT 2011


On Sun, 2011-08-07 at 03:13 -0400, Chris Hecker wrote:
> Is there a max size for the AP-REQ and AP-REP packets?  Even a 
> conservative (eg. never > 768 bytes) would be fine.

In principal, there is no maximum size for AP-REQ, because tickets can
get arbitrarily large due to authdata.  If you're not doing anything
fancy with authdata and can bound the size of client and server
principal names, you could probably compute a maximum size, but I don't
have one offhand.

AP-REP packets do not have a lot of variability in size because they
contain no strings.  If you look at an AP-REP packet containing an
AES256 subkey, that's probably as large as you're going to see, modulo a
few bytes to account for variable-length ASN.1 encoding of integers.
Again, though, I don't have any specific numbers in my head for that.





More information about the Kerberos mailing list