[ https://issues.apache.org/jira/browse/DIRKRB-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15071385#comment-15071385 ]
Jiajia Li commented on DIRKRB-509:
----------------------------------

From MIT KRB DEV:
The definition is from https://tools.ietf.org/html/draft-ietf-krb-wg-pkinit-alg-agility-07, with some extensions based on RFC4556.

> Add SupportedKDFs in AuthPack
> -----------------------------
>
>                 Key: DIRKRB-509
>                 URL: https://issues.apache.org/jira/browse/DIRKRB-509
>             Project: Directory Kerberos
>          Issue Type: Bug
>    Affects Versions: 1.0.0-RC2
>            Reporter: Jiajia Li
>            Assignee: Jiajia Li
>
> In MIT source code k5-int-pkinit.h:
> {code}
> /** AuthPack from RFC 4556*/
> typedef struct _krb5_auth_pack {
>     krb5_pk_authenticator pkAuthenticator;
>     krb5_subject_pk_info *clientPublicValue; /* Optional */
>     krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
>     krb5_data clientDHNonce; /* Optional */
>     krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
> } krb5_auth_pack;
> {code}
> So we need to add supportedKDFs to the following definition to enable decoding the MIT
> request.
> {code}
> AuthPack ::= SEQUENCE {
>     pkAuthenticator   [0] PKAuthenticator,
>     clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
>     supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
>     clientDHNonce     [3] DHNonce OPTIONAL
> }
> {code}

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
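The decode failure described in the issue, as an added example (not Kerby or MIT code): a strict decoder that knows only tags [0] to [3] rejects an AuthPack carrying a fifth element, while one extended with the field accepts it and can read the offered KDF OIDs. It assumes the linked draft's `supportedKDFs [4] SEQUENCE OF KDFAlgorithmId OPTIONAL` layout; all function names are hypothetical and the DER bytes are constructed, with an empty placeholder for pkAuthenticator.

```python
# Added example: constructed DER bytes, not a captured PKINIT request.
FIELDS_RFC4556 = {0: "pkAuthenticator", 1: "clientPublicValue",
                  2: "supportedCMSTypes", 3: "clientDHNonce"}
FIELDS_WITH_KDFS = {**FIELDS_RFC4556, 4: "supportedKDFs"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for one DER TLV with a single-byte tag."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def tlv(tag, value):  # encoder for the sample; short-form lengths only
    return bytes([tag, len(value)]) + value

def decode_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def decode_auth_pack(der, fields):
    # Strict decode: every element must be a context tag listed in `fields`.
    tag, body, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("AuthPack must be a SEQUENCE")
    out, pos = {}, 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        if tag & 0xE0 != 0xA0 or (tag & 0x1F) not in fields:
            raise ValueError(f"unexpected element 0x{tag:02x} in AuthPack")
        out[fields[tag & 0x1F]] = value
    return out

def kdf_oids(value):
    _, seq_of, _ = read_tlv(value)           # SEQUENCE OF KDFAlgorithmId
    oids, pos = [], 0
    while pos < len(seq_of):
        _, alg, pos = read_tlv(seq_of, pos)  # KDFAlgorithmId ::= SEQUENCE
        oids.append(decode_oid(read_tlv(read_tlv(alg)[1])[1]))  # [0] -> OID
    return oids

SHA256_KDF = bytes.fromhex("2b06010502030602")  # 1.3.6.1.5.2.3.6.2 (SHA-256 KDF)
KDFS = tlv(0xA4, tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x06, SHA256_KDF)))))
SAMPLE = tlv(0x30, tlv(0xA0, tlv(0x30, b"")) + KDFS)
```

`decode_auth_pack(SAMPLE, FIELDS_RFC4556)` raises on the `0xa4` element, which is the interoperability failure the issue reports; with `FIELDS_WITH_KDFS` the same bytes decode.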