On Sun, 2011-08-07 at 03:13 -0400, Chris Hecker wrote: > Is there a max size for the AP-REQ and AP-REP packets? Even a > conservative (eg. never > 768 bytes) would be fine.
In principal, there is no maximum size for AP-REQ, because tickets can get arbitrarily large due to authdata. If you're not doing anything fancy with authdata and can bound the size of client and server principal names, you could probably compute a maximum size, but I don't have one offhand. AP-REP packets do not have a lot of variability in size because they contain no strings. If you look at an AP-REP packet containing an AES256 subkey, that's probably as large as you're going to see, modulo a few bytes to account for variable-length ASN.1 encoding of integers. Again, though, I don't have any specific numbers in my head for that. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos