krb5-1.8-beta1 is available

Greg Hudson ghudson at MIT.EDU
Wed Feb 24 23:27:29 EST 2010

On Wed, 2010-02-24 at 19:16 -0500, Marcus Watts wrote:
> I'll look at my logic more carefully this evening.  I don't see anything
> above that looks immediately obviously wrong to me.  I assume the last
> few decoded bits are AD-SIGNEDPATH...?

Yes, although AD-SIGNTICKET might be the correct name now that I look
(the constants in the code are a little confusing; the data structure is
called krb5_ad_signedpath and the key usage constant is similar, but the
authdata constant is KRB5_AUTHDATA_SIGNTICKET).

The integer at offset 155 stands for AD-IF-RELEVANT; the integer at
offset 6 of the AD-IF-RELEVANT blob stands for AD-SIGNTICKET; and the
blob itself is an enctype (aes256-cts) and a checksum of cksumtype

More information about the krbdev mailing list