[Kdc-info] Preliminary draft of LDAP Kerberos schema
Ken Raeburn
raeburn at MIT.EDU
Fri Jun 16 14:08:10 EDT 2006
On Jun 16, 2006, at 06:41, K.G. Gokulavasan wrote:
> Sorry for the late reply. Versioning will be included as part of the
> attribute. As there already exists deployment of this schema, I will
> rename the attribute. Master Key vno is already part of krbSecretKey
> attribute(5th & 6th bytes). Is 16-bit not sufficient for kvno and
> master
> kvno (it can have value upto 65535)?
I understood that the Microsoft implementation, or at least one
version of it, used a timestamp to generate the kvno, not a sequence
of small integers. The RFC 4120 protocol allows for 32-bit unsigned
kvno values.
Ken
More information about the krbdev
mailing list