Using KDC's master key to encrypt data
Alejandro Perez Mendez
alex at um.es
Fri Aug 10 03:45:08 EDT 2012
On 10/08/12 08:35, Alejandro Perez Mendez wrote:
> After discussing it with Nico, and since I'm not actually using FAST,
> we realized that it may be better if I don't use PA_FX_COOKIE at all for
> this purpose. The GSS context can be transported within the same PA_DATA
> as the GSS_TOKEN, making the solution more independent from FAST.
>
> The resulting PA-GSS would be something similar to this (ASN1 provided
> by Nico):
>
> PA-TGS ::= SEQUENCE {
>     sec-ctx-token [0] OCTET STRING,
>     state         [1] EncryptedData OPTIONAL -- containing PA-GSS-STATE
> }
I meant PA-GSS and not PA-TGS.
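
Added example, not part of the original message or of any krbdev code: a strict DER encoder and decoder for the PA-GSS SEQUENCE quoted above, showing how the OPTIONAL state field is accepted or rejected on the wire. It assumes EXPLICIT context tags (as in the Kerberos ASN.1 module of RFC 4120) and treats EncryptedData as an opaque SEQUENCE; all function names are hypothetical.

```python
# Added example; assumes EXPLICIT context tags as in RFC 4120's Kerberos module.

def _length(n):
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body

def read_tlv(buf, off=0):
    """Return (tag, value, next_offset); reject truncated or non-minimal lengths."""
    if off + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n = buf[off], buf[off + 1]
    off += 2
    if n & 0x80:                                    # long-form length
        k = n & 0x7F
        n = int.from_bytes(buf[off:off + k], "big")
        if k == 0 or off + k > len(buf) or buf[off] == 0 or n < 0x80:
            raise ValueError("bad or non-minimal length")
        off += k
    if off + n > len(buf):
        raise ValueError("truncated value")
    return tag, buf[off:off + n], off + n

def unwrap(buf, tag):
    """Read exactly one TLV with the expected tag that fills all of buf."""
    got, value, end = read_tlv(buf)
    if got != tag or end != len(buf):
        raise ValueError("expected a single element with tag 0x%02x" % tag)
    return value

def encode_pa_gss(sec_ctx_token, state_der=None):
    body = tlv(0xA0, tlv(0x04, sec_ctx_token))      # sec-ctx-token [0] OCTET STRING
    if state_der is not None:
        body += tlv(0xA1, state_der)                # state [1] EncryptedData OPTIONAL
    return tlv(0x30, body)

def decode_pa_gss(der):
    body = unwrap(der, 0x30)
    tag, field0, off = read_tlv(body)
    if tag != 0xA0:
        raise ValueError("sec-ctx-token [0] is mandatory")
    token, state = unwrap(field0, 0x04), None
    if off < len(body):
        state = unwrap(body[off:], 0xA1)            # nothing may follow [1]
        unwrap(state, 0x30)                         # EncryptedData must be a SEQUENCE
    return token, state
```

The decoder returns the state as still-encrypted DER bytes; decrypting it is a separate step and is not shown here.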