Darren Reed (Optimation)
darrenr at optimation.com.au
Wed Nov 20 21:07:00 EST 2002
Is there a specification anywhere detailing what each of the
preauthentication data formats should be?
I've discovered that Cybersafe's Kerberos used "unixtime"
(KRB5_PADATA_ENC_UNIX_TIME) preauthentication data
and have been able to guess at the format but when I looked at
what's provided for KRB5_PADATA_ENC_TIMESTAMP,
expecting it to be similar, I find it to be vastly different.
The most significant difference is that the timestamp data in
krb5 packets is ASN.1 formatted, whereas the unixtime data
being sent for Cybersafe is not - just a nonce, the time repeated
a few times and a trailer.
At least one mention of unixtime on the web suggests that unixtime
has been depricated (I have no problem with this) but if I can
at least get the verify function correct (and tested), is the krbdev
team interested in patches ? Should then be accompanied by
a "--enable-unixtime" for configure or some such ? Never done
that bit, myself, but if it helps get it integrated and helps others
I'll have a go at it.
More information about the krbdev