OID gss_nt_krb5_name value?

Nicolas.Williams@ubsw.com Nicolas.Williams at ubsw.com
Wed May 29 15:15:00 EDT 2002


IIRC these values are really opaque - they're really
identifiers for use by the application with the API,
the GSS-API that is.

Nico
--  

> -----Original Message-----
> From: Will Fiveash [mailto:william.fiveash at sun.com]
> Sent: Wednesday, May 29, 2002 3:00 PM
> To: MIT Kerberos Dev List
> Subject: Re: OID gss_nt_krb5_name value?
> 
> 
> On Wed, May 29, 2002 at 12:15:29PM -0400, Ken Raeburn wrote:
> > GSS_KRB5_NT_USER_NAME from RFC 1964 is the same as GSS_C_NT_USER_NAME
> > from RFC 2744; it's a generic user name, not a principal name.  But
> > the string you were looking at is for one of the Kerberos-related name
> > types.
> > 
> > Unfortunately, the naming is a little screwed up.
> > GSS_KRB5_NT_PRINCIPAL_NAME is {... gssapi(2) krb5(2) krb5_name(1)} and
> > uses the C variable gss_nt_krb5_name.  There's also a
> > gss_nt_krb5_principal variable, oid {... gssapi(2) krb5(2)
> > krb5_principal(2)}, but that doesn't seem to be in the RFC.  Possibly
> > for internal use, or for the revised krb5 mechanism that never really
> > got off the ground, but I have to run and don't have time to look more
> > closely just this moment.  At first glance, it does appear to be a
> > binary format name, using the krb5_principal data type.
> 
> Thanks for the explanation.  I also see in RFC 2744 where it
> discusses the ASN.1 BER encoding scheme for the gss_OID which explains
> the octal values assigned to gss_nt_krb5_name.  
> 
> One other question, does anyone know if there are any interop problems
> caused by different values for gss_nt_krb5_name being used by
> different Kerberos implementations?  Is this value ever sent over the
> network?  I'm trying to figure out what to do regarding a bug caused
> by our redefining gss_nt_krb5_name from:
> 
> "\052\206\110\206\367\022\001\002\001\001"
> 
> to the MIT value:
> 
> "\052\206\110\206\367\022\001\002\002\001".
> 
> I'm concerned that if I change gss_nt_krb5_name back to
> "\052\206\110\206\367\022\001\002\001\001" I may be creating interop
> problems.
> 
> -- 
> Will Fiveash
> Sun Microsystems Inc.
> Austin, TX, USA (TZ=CST6CDT)
> 




