Kai Zheng created DIRKRB-470:
--------------------------------
Summary: cksum field should be set in TGS-REQ authenticator
Key: DIRKRB-470
URL: https://issues.apache.org/jira/browse/DIRKRB-470
Project: Directory Kerberos
Issue Type: Bug
Reporter: Kai Zheng
Found by [~mlbiam], there is some complaining in MIT KDC when processing
TGS-REQ, saying "Inappropriate type of checksum in message"
Ref. RFC4120 as below, note the field is optional.
{noformat}
-- Unencrypted authenticator
Authenticator ::= [APPLICATION 2] SEQUENCE {
authenticator-vno [0] INTEGER (5),
crealm [1] Realm,
cname [2] PrincipalName,
cksum [3] Checksum OPTIONAL,
cusec [4] Microseconds,
ctime [5] KerberosTime,
subkey [6] EncryptionKey OPTIONAL,
seq-number [7] UInt32 OPTIONAL,
authorization-data [8] AuthorizationData OPTIONAL
}
{noformat}
This would enhance to fill the *cksum* field even it's spec-ed as *optional*.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
