Modifications to Kerberos internals
Sam Hartman
hartmans at MIT.EDU
Mon Nov 29 09:12:54 EST 2004
>>>>> "Venu" == Venu Satuluri <venusatuluri at gmail.com> writes:
Venu> Sorry for the late reply. We intend to make a public-key
Venu> cryptography version of Kerberos. There is quite a bit of
Venu> literature regarding this, but I am not sure if any scheme
Venu> has been successfully implemented. (I would be grateful if you
Venu> could share any information regarding this).
There is active work on
http://www.ietf.org/internet-drafts/draft-ietf-cat-kerberos-pk-init-21.txt.
I think there are at least two implementations that are fairly
close to this spec.
Venu> We want to
Venu> implement a bare-bones version (this is for a 4-month senior
Venu> year project), and in keeping with that we want to retain as
Venu> much of the source code as is possible. We intend to change
Venu> the code relating to the message structures, and the
Venu> processing of messages by the various parties.
Venu> We spent some time examining the source code, as well as the
Venu> rfc for krb-protocol. Nevertheless, our project requires a
Venu> better understanding of the internals than the source code
Venu> supplies. Still looking for any such documentation.
There isn't any. There are discussions of parts of the code that have
happened over the years on this list; there are some documents for
parts of the code but none related to what you are working on.
If you want to implement pkinit, you'll need to understand
kdc/kdc_preauth.c and lib/krb5/krb/preauth2.c in significant detail.
You'll need to understand the ASN.1 encoders in /lib/krb5/asn.1 or
supply your own.
--Sam