On Thu, 09 Nov 2006 10:10:56 -0500
David Shambroom <[EMAIL PROTECTED]> wrote:

> Mike,
> The mechToken is a Kerberos AS_REQ message, not a GSS token.

My understanding is that this statement is wholly incorrect.

Do you speak binary? I think that's the only way you're going to convince
me. The following is a comparison of a Kerberos 5 GSSAPI token submitted
by Firefox and a Kerberos 5 NegTokenInit.mechToken[] from IE.

$ hexd rawkrb5.bin -r "4,2,9,2,4,4,64"
00000:  60 82 04 8d                                      |`...            |
00000:  06 09                                            |..              |
00000:  2a 86 48 86 f7 12 01 02 02                       |*.H......       |
00000:  01 00                                            |..              |
00000:  6e 82 04 7c                                      |n..|            |
00000:  30 82 04 78                                      |0..x            |
00000:  a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 00 00  |................|
00010:  00 00 00 a3 82 03 a6 61 82 03 a2 30 82 03 9e a0  |.......a...0....|
00020:  03 02 01 05 a1 09 1b 07 46 4f 4f 2e 4e 45 54 a2  |........FOO.NET.|
00030:  1e 30 1c a0 03 02 01 03 a1 15 30 13 1b 04 48 54  |.0........0...HT|

$ hexd mechkrb5.bin -r "4,2,9,2,4,4,64"
00000:  60 82 04 99                                      |`...            |
00000:  06 09                                            |..              |
00000:  2a 86 48 86 f7 12 01 02 02                       |*.H......       |
00000:  01 00                                            |..              |
00000:  6e 82 04 88                                      |n...            |
00000:  30 82 04 84                                      |0...            |
00000:  a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 00 20  |............... |
00010:  00 00 00 a3 82 03 b4 61 82 03 b0 30 82 03 ac a0  |.......a...0....|
00020:  03 02 01 05 a1 09 1b 07 46 4f 4f 2e 4e 45 54 a2  |........FOO.NET.|
00030:  20 30 1e a0 03 02 01 02 a1 17 30 15 1b 04 48 54  | 0........0...HT|

Is Wireshark lying to me?


Michael B Allen
PHP Active Directory SSO
Kerberos mailing list           Kerberos@mit.edu
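
Added example, not part of the original message: a Python decoder for the framing bytes shown in the two dumps above (GSS-API initial context token header, mechanism OID, TOK_ID, and the tag of the inner Kerberos message). The tag and TOK_ID tables follow RFC 4120 and RFC 4121; the function names are this example's own.

```python
# Added example: decode the framing of a GSS-API initial context token.
TOK_IDS = {b"\x01\x00": "KRB_AP_REQ", b"\x02\x00": "KRB_AP_REP", b"\x03\x00": "KRB_ERROR"}
# Kerberos [APPLICATION n] message tags (RFC 4120)
KRB_MSGS = {10: "AS-REQ", 11: "AS-REP", 12: "TGS-REQ", 13: "TGS-REP",
            14: "AP-REQ", 15: "AP-REP", 30: "KRB-ERROR"}
# First 25 bytes of each dump in the message above (rawkrb5.bin, mechkrb5.bin)
RAW_PREFIX = bytes.fromhex("6082048d06092a864886f71201020201006e82047c30820478")
MECH_PREFIX = bytes.fromhex("6082049906092a864886f71201020201006e82048830820484")

def read_len(buf, pos):
    """Decode a DER length starting at buf[pos]; return (length, next_pos)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("unsupported or truncated DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def decode_oid(body):
    """Decode DER OBJECT IDENTIFIER contents into dotted form."""
    subs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear ends one sub-identifier
            subs.append(val)
            val = 0
    first = min(subs[0] // 40, 2)
    return ".".join(map(str, [first, subs[0] - 40 * first] + subs[1:]))

def parse_framing(buf):
    """Return mech OID, TOK_ID name and inner Kerberos message type."""
    try:
        total, body = read_len(buf, 1)
        if buf[0] != 0x60 or buf[body] != 0x06:
            raise ValueError("not a GSS-API initial context token")
        oid_len, pos = read_len(buf, body + 1)
        oid_end = pos + oid_len
        mech = decode_oid(buf[pos:oid_end])
        tok_id, tag = bytes(buf[oid_end:oid_end + 2]), buf[oid_end + 2]
        inner_len, inner_pos = read_len(buf, oid_end + 3)
    except IndexError:
        raise ValueError("truncated token") from None
    if tag & 0xE0 != 0x60:  # class APPLICATION, constructed
        raise ValueError("inner token is not a Kerberos APPLICATION message")
    return {"mech": mech, "tok_id": TOK_IDS.get(tok_id, tok_id.hex()),
            "krb_msg": KRB_MSGS.get(tag & 0x1F, "unknown"),
            # outer declared length must end where the inner message ends
            "lengths_agree": body + total == inner_pos + inner_len}
```

Only the header fields are read, so the 25-byte prefixes are enough; the length check compares declared lengths and does not require the full token.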
