GSSAPI sequence numbers

Jake Scott jake at poptart.org
Fri Mar 26 15:26:30 EDT 2021


Hi..

I am writing a native Golang implementation of GSSAPI, first for krb5 -
using Johnathan Turner's library (https://github.com/jcmturner/gokrb5).

I took the naive approach of handling the initial sequence numbers by
simply casting the uint32 value from the authenticator and AP-REP encpart
to uint64.  However that causes compatibility issues with the MIT
implementation that appears to cast first to a signed int32 and then to the
GSSAPI uint64.

Looking at the Heimdal and Java code, it appears that my naive approach is
in use there unless I'm missing something glaringly obvious, and I can't
find mention in the RFC about any different encoding.

Could someone explain what the correct method is?  If I'm missing a pointer
in a doc somewhere please let me know.  Is MIT 'correct' technically or
maybe just by convention?

My current implementation is here :
    https://github.com/jake-scott/go-gssapi/tree/v0

.. and the 'workaround' to make sequence numbers compatible with MIT :


// stash the sequence number for use in GSS Wrap
var seqTmp int32 = int32(auth.SeqNumber)
m.ourSequenceNumber = uint64(seqTmp)


Any info gratefully received..

Many thanks

Jake
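
An added example, not part of the original message and not code from go-gssapi, gokrb5, MIT or Heimdal: it compares the two widenings described above and shows that they only diverge when the high bit of the 32-bit sequence number is set. The function names are hypothetical. It assumes the 64-bit value is carried as the 8-octet big-endian SND_SEQ field of RFC 4121 tokens and that the first token carries the initial sequence number unchanged.

```go
package main

import (
	"encoding/binary"
	"fmt"
)

// zeroExtend widens the 32-bit Kerberos sequence number directly (the "naive" cast).
func zeroExtend(seq uint32) uint64 { return uint64(seq) }

// signExtend widens via int32 first, as in the workaround quoted in the post.
func signExtend(seq uint32) uint64 { return uint64(int32(seq)) }

// sndSeq encodes a 64-bit sequence number as an 8-octet big-endian field
// (assumed layout of SND_SEQ in RFC 4121 per-message tokens).
func sndSeq(seq uint64) [8]byte {
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], seq)
	return b
}

// classify reports which widening a peer applied, given the 32-bit initial
// sequence number and the SND_SEQ field of the first token it sent.
func classify(initial uint32, field [8]byte) string {
	got := binary.BigEndian.Uint64(field[:])
	z, s := zeroExtend(initial), signExtend(initial)
	switch {
	case got == z && got == s:
		return "either" // high bit clear: both conventions agree
	case got == z:
		return "zero-extended"
	case got == s:
		return "sign-extended"
	default:
		return "neither"
	}
}

func main() {
	// Constructed sample values, not taken from a real exchange.
	for _, seq := range []uint32{0x12345678, 0x7fffffff, 0x80000000, 0xfffffffe} {
		fmt.Printf("seq=%#x zero=%x sign=%x sign-extending peer seen as: %s\n",
			seq, sndSeq(zeroExtend(seq)), sndSeq(signExtend(seq)),
			classify(seq, sndSeq(signExtend(seq))))
	}
}
```

Because the results differ only for values of 0x80000000 and above, a mismatch between the two conventions shows up on roughly half of randomly chosen initial sequence numbers rather than on every context.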

