Hi Team,

Thank you for your information. Thanks a lot for your guidance. Could you please let me know your thoughts on how TGS_REQ packet generation happens and what steps should be followed? In my TGS_REQ packet, the KDC_REQ_BODY fields are missing.
Please find attached my capture file. Please have a look at the TGS_REQ packet. It says short frame. (I am using TCP and working with MIT code and a UNIX KDC.) In that packet, KDC_REQ_BODY is missing and the problem starts from there onwards. Could you please throw some light on this issue?

I followed the below mentioned steps to form the TGS_REQ packet. Please let me know if I missed something.

============================================================
krb5_error_code krb5_FormTGSReq(krb5_kdc_req *tgs_req, krb5_context context)
{
    krb5_data *scratch = NULL;
    krb5_checksum checksum;
    krb5_authenticator authent;
    krb5_timestamp tgt_exptime;
    krb5_error_code retval, iRet;
    char server_name[500] = {0, };

    // copy the TGT Expiration time to tmp variable
    tgt_exptime = kdc_server_time+36000; //as_reply->enc_part2->times.endtime;

    // Fillup the tgs_req fields
    tgs_req->magic = KV5M_KDC_REQ;
    tgs_req->msg_type = KRB5_TGS_REQ;
    tgs_req->kdc_options = KDC_OPT_RENEWABLE_OK;
    tgs_req->client = NULL; // Optional

    // Assign the SMTP Server principal name
    sprintf(ServiceName, "[EMAIL PROTECTED]","host/dpdniclin1.sisodomain.com", auth_user_data.realm_domain);
    iRet = krb5_parse_name(context,ServiceName,&(tgs_req->server));
    if(iRet != 0) // krb5_error_code is an integer, so compare against 0
    {
        return -1;
    }

    tgs_req->from = 0; // Optional (krb5_timestamp is an integer)
    tgs_req->till = tgt_exptime; // Till the tgt expiration time
    tgs_req->rtime = 0;
    tgs_req->nonce = rand(); // put some no for testing purpose -Gopi

    if(krb5_make_clientaddr(&(tgs_req->addresses)) != KERB_SUCCESS)
    {
        DEBUG_KERB_PRINT("[kerberos_formTgsReq] Client Addr Failed");
        return KERB_FAILURE;
    }

    tgs_req->unenc_authdata = NULL; // Optional
    tgs_req->second_ticket = NULL; // Optional

    // filling up with Encryption types supported
    tgs_req->ktype = (krb5_enctype *) malloc(sizeof(get_in_tkt_enctypes));
    memcpy(tgs_req->ktype,get_in_tkt_enctypes,sizeof(get_in_tkt_enctypes));
    tgs_req->nktypes = (sizeof(get_in_tkt_enctypes)/sizeof(krb5_enctype));

    // Encode the TGS-REQ body into scratch to calculate checksum
    retval = encode_krb5_kdc_req_body(tgs_req,&scratch);
    if(retval)
    {
        if(scratch)
            krb5_free_data(NULL, scratch);
        return KERB_FAILURE;
    }

    // Calculate the Checksum using the scratch
    if ((retval = krb5_c_make_checksum(NULL, CKSUMTYPE_RSA_MD5,
                                       as_reply->enc_part2->session,
                                       KRB5_KEYUSAGE_TGS_REQ_AUTH_CKSUM,
                                       scratch, &checksum)))
    {
        free(checksum.contents);
        if(scratch)
            krb5_free_data(NULL, scratch);
        return(KERB_FAILURE);
    }

    // Do the clean up here
    if(scratch)
        krb5_free_data(NULL,scratch);

    // Form the PA Data.
    if(KERB_SUCCESS != Form_PAData(&(tgs_req->padata),&checksum, context))
    {
        free(checksum.contents);
        return KERB_FAILURE;
    }

    return KERB_SUCCESS;
}
=========================================================

With the above client code, I could generate the PA_DATA in the TGS_REQ packet but I could not generate the KDC_REQ_BODY fields, though I filled up the tgs_req fields. If you look at the second attached network capture, it shows the correct TGS_REQ packet. It contains the KDC_REQ_BODY fields also. This is taken from MS-Windows client code. But with my client code's TGS_REQ packet, the KDC_REQ_BODY fields are missing.

Could you please let me know your thoughts after going through the attached network capture. Appreciate your thoughts.

Thank you.
-Surendra
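
For checking a captured request like the one described above, this added example (not part of the original post and not MIT krb5 code) walks the outer DER of a TCP-framed TGS-REQ and reports which KDC-REQ fields from RFC 4120 are present. The function names and both sample byte arrays are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Bits for the KDC-REQ fields of RFC 4120 section 5.4.1, context tags [1]..[4]. */
enum { HAS_PVNO = 1, HAS_MSG_TYPE = 2, HAS_PADATA = 4, HAS_REQ_BODY = 8 };

/* Constructed samples (not from the poster's capture): 4-byte length prefix,
   then a skeleton TGS-REQ whose padata and req-body are empty SEQUENCEs. */
const uint8_t sample_full[] = { 0,0,0,0x16, 0x6c,0x14, 0x30,0x12,
    0xa1,3,2,1,5, 0xa2,3,2,1,12, 0xa3,2,0x30,0, 0xa4,2,0x30,0 };
const uint8_t sample_no_body[] = { 0,0,0,0x12, 0x6c,0x10, 0x30,0x0e,
    0xa1,3,2,1,5, 0xa2,3,2,1,12, 0xa3,2,0x30,0 };

/* Read one DER tag and length at p[*off]; return the tag byte, or -1 if truncated. */
static int der_header(const uint8_t *p, size_t n, size_t *off, size_t *len)
{
    if (n < 2 || *off > n - 2) return -1;
    int tag = p[(*off)++];
    size_t l = p[(*off)++];
    if (l & 0x80) {                         /* long form: length in next k bytes */
        size_t k = l & 0x7f;
        if (k == 0 || k > 4 || k > n - *off) return -1;
        for (l = 0; k > 0; k--) l = (l << 8) | p[(*off)++];
    }
    if (l > n - *off) return -1;            /* value would run past the buffer */
    *len = l;
    return tag;
}

/* Check one TCP-framed request: 4-byte big-endian length, then the DER message.
   Returns a bitmask of the fields present, or -1 on bad framing or truncated DER. */
int check_tgs_req(const uint8_t *buf, size_t n)
{
    size_t off = 0, len;
    if (n < 4) return -1;
    size_t framed = ((size_t)buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3];
    if (framed != n - 4) return -1;         /* prefix disagrees with payload size */
    buf += 4; n -= 4;
    if (der_header(buf, n, &off, &len) != 0x6c) return -1;  /* [APPLICATION 12] */
    if (der_header(buf, n, &off, &len) != 0x30) return -1;  /* KDC-REQ SEQUENCE */
    size_t end = off + len;
    int seen = 0;
    while (off < end) {
        int tag = der_header(buf, end, &off, &len);
        if (tag < 0) return -1;
        if (tag >= 0xa1 && tag <= 0xa4) seen |= 1 << (tag - 0xa1);
        off += len;                         /* skip this field's value */
    }
    return seen;
}
```

A result without the `HAS_REQ_BODY` bit means the encoded message stops after padata; a result of -1 means the length prefix or a DER length does not match the bytes actually sent.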
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos