Issue in generating Authenticator Data in AP_REQ
Sankar Das
sankar_das at yahoo.com
Fri Aug 17 02:56:06 EDT 2012
Hi,
I am trying to implement a Kerberos client to run againts KDC. I am having a problem in generating the "Authenticator Data" in AP_REQ. I am following the procedure mentioned below:
Step-1: Buffer creation as below
[62][TotalLen][30][TotalLen-2][A0][03][02][01][VNO][A1][REALMLEN][REALM][A2][PRINCIPALNAMELEN][PRINCIPALNAME]
[A4][04][MICROSEC][A5][12][KRBTIME]
Step-2: The entire buffer is passed to OpenSSL encryption function (i.e. EVP_EncryptInit_ex(), EVPEncryptUpdate(), EVP_EncryptFinal_ex())
to get the ciphertext
Note: The enc-part of the received ticket in AS_REP is used as the key for the encryption.
ERROR LOG in KDC
----------------
Aug 16 18:48:13 kerberos.mygroup.com krb5kdc[17823](info): TGS_REQ (3 etypes {23 3 1}) 10.205.27.155: PROCESS_TGS: authtime 0, <unknown client> for <unknown server>, ASN.1 identifier doesn't match expected value
I am new to this list. So please excuse me if this topic has already been discussed. Any help would be appreciated.
Thanks
Sankar
More information about the krbdev
mailing list