krb5-1.8-beta1 is available
Greg Hudson
ghudson at MIT.EDU
Wed Feb 24 23:27:29 EST 2010
On Wed, 2010-02-24 at 19:16 -0500, Marcus Watts wrote:
> I'll look at my logic more carefully this evening. I don't see anything
> above that looks immediately obviously wrong to me. I assume the last
> few decoded bits are AD-SIGNEDPATH...?
Yes, although AD-SIGNTICKET might be the correct name now that I look
(the constants in the code are a little confusing; the data structure is
called krb5_ad_signedpath and the key usage constant is similar, but the
authdata constant is KRB5_AUTHDATA_SIGNTICKET).
The integer at offset 155 stands for AD-IF-RELEVANT; the integer at
offset 6 of the AD-IF-RELEVANT blob stands for AD-SIGNTICKET; and the
blob itself is an enctype (aes256-cts) and a checksum of cksumtype
hmac-sha1-aes256.
More information about the krbdev
mailing list