[
https://issues.apache.org/jira/browse/DIRKRB-91?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13634239#comment-13634239
]
Steve Moyer commented on DIRKRB-91:
-----------------------------------
I found a thread that describes the AS_REP containing an EncTgsRepPart at
http://kerberos.996246.n3.nabble.com/HELP-invalid-AS-REP-from-Linux-running-MIT-Kerberos-V5-td14527.html
and there's a reference to RFC 4120, Section 5.4.2. The pertinent paragraph
is (quote):
Compatibility note: Some implementations unconditionally send an encrypted
EncTGSRepPart (application tag number 26) in this field regardless of whether
the reply is a AS-REP or a TGS-REP. In the interest of compatibility,
implementors MAY relax the check on the tag number of the decrypted ENC-PART.
So apparently, it's widely known that (at least) the MIT Kerberos server has
this behavior.
> Problems decrypting the TGT in KerberosConnection
> -------------------------------------------------
>
> Key: DIRKRB-91
> URL: https://issues.apache.org/jira/browse/DIRKRB-91
> Project: Directory Kerberos
> Issue Type: Bug
> Reporter: Steve Moyer
> Assignee: Emmanuel Lecharny
> Attachments: AuthReqAndRep
>
>
> See attached packet dumps (libpcap) of the request and response.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
