OID gss_nt_krb5_name value?

Will Fiveash william.fiveash at sun.com
Tue May 28 21:11:01 EDT 2002

I was looking at the value for gss_nt_krb5_name OID string in MIT
1.2.5 which is the string: "\052\206\110\206\367\022\001\002\002\001".
I was wondering how MIT got that value.  When I look at rfc1964.txt
section 2.2.1 (User Name Form) I see:

   This name form shall be represented by the Object Identifier
   {iso(1) member-body(2) United States(840) mit(113554) infosys(1)
   gssapi(2) generic(1) user_name(1)}.  The recommended symbolic name
   for this type is "GSS_KRB5_NT_USER_NAME".

   This name type is used to indicate a named user on a local system.

If gss_nt_krb5_name is supposed to represent the GSS_KRB5_NT_USER_NAME
OID then I'm confused as why it ends with \002\001 when the
description of GSS_KRB5_NT_USER_NAME ends with generic(1)
user_name(1).  I'm also curious how the entire gss_nt_krb5_name string
was derived from the GSS_KRB5_NT_USER_NAME description.

The reason I ask this question is that in the Solaris Kerberos
gss_nt_krb5_name is: "\052\206\110\206\367\022\001\002\001\001"

and I am trying to determine what the correct value should be.

Will Fiveash
Sun Microsystems Inc.
Austin, TX, USA (TZ=CST6CDT)

More information about the krbdev mailing list