[ https://issues.apache.org/jira/browse/DIRKRB-91?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13634933#comment-13634933 ]
Emmanuel Lecharny commented on DIRKRB-91:
-----------------------------------------
The patch works, but I wonder if something slightly different wouldn't be
better :
    if ( decryptedEncAsRepPart != null )
    {
        // The first byte of the decrypted part is its tag (AS or TGS)
        switch ( decryptedEncAsRepPart[0] )
        {
            case KerberosConstants.ENC_AS_REP_PART_TAG:
                EncAsRepPart encAsRepPart =
                    KerberosDecoder.decodeEncAsRepPart( decryptedEncAsRepPart );

                if ( currentNonce != encAsRepPart.getEncKdcRepPart().getNonce() )
                {
                    throw new KerberosException( ErrorType.KRB_ERR_GENERIC,
                        "received nonce didn't match with the nonce sent in the request" );
                }

                encKdcRepPart = encAsRepPart.getEncKdcRepPart();
                break;

            case KerberosConstants.ENC_TGS_REP_PART_TAG:
                EncTgsRepPart encTgsRepPart =
                    KerberosDecoder.decodeEncTgsRepPart( decryptedEncAsRepPart );

                if ( currentNonce != encTgsRepPart.getEncKdcRepPart().getNonce() )
                {
                    throw new KerberosException( ErrorType.KRB_ERR_GENERIC,
                        "received nonce didn't match with the nonce sent in the request" );
                }

                encKdcRepPart = encTgsRepPart.getEncKdcRepPart();
                break;
        }
    }
By reading the very first byte of the decoded part, we can tell if it's an AS or
a TGS encPart, which will spare an exception.
wdyt ?
> Problems decrypting the TGT in KerberosConnection
> -------------------------------------------------
>
> Key: DIRKRB-91
> URL: https://issues.apache.org/jira/browse/DIRKRB-91
> Project: Directory Kerberos
> Issue Type: Bug
> Reporter: Steve Moyer
> Assignee: Emmanuel Lecharny
> Attachments: AuthReqAndRep, DIRKRB-91-TGT-patch.txt
>
>
> See attached packet dumps (libpcap) of the request and response.
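The first-byte check proposed in the comment above, as an added example that is not part of the original message or of the Directory Kerberos code base. It decodes the DER identifier octet using the RFC 4120 tags (EncASRepPart is [APPLICATION 25], EncTGSRepPart is [APPLICATION 26]) and rejects anything else; the class name, the Kind enum and the sample bytes are assumptions made for illustration.

```java
public class EncPartTagDemo
{
    enum Kind { ENC_AS_REP_PART, ENC_TGS_REP_PART }

    // Classify a decrypted KDC reply enc-part from its first (DER identifier) octet.
    static Kind classify( byte[] decrypted )
    {
        if ( decrypted == null || decrypted.length == 0 )
        {
            throw new IllegalArgumentException( "empty enc-part" );
        }

        int id = decrypted[0] & 0xFF;
        boolean application = ( id & 0xC0 ) == 0x40; // class bits 01 = APPLICATION
        boolean constructed = ( id & 0x20 ) != 0;    // both types wrap a SEQUENCE
        int tagNumber = id & 0x1F;                   // low-tag-number form

        if ( application && constructed )
        {
            switch ( tagNumber )
            {
                case 25: // identifier octet 0x79
                    return Kind.ENC_AS_REP_PART;
                case 26: // identifier octet 0x7A
                    return Kind.ENC_TGS_REP_PART;
            }
        }

        // An unknown tag is an error, so the caller never continues with a null result.
        throw new IllegalArgumentException( String.format( "unexpected tag 0x%02X", id ) );
    }

    public static void main( String[] args )
    {
        // Constructed first octets only; real input is the whole decrypted enc-part.
        byte[][] samples = { { 0x79 }, { 0x7A }, { 0x30 } };

        for ( byte[] sample : samples )
        {
            try
            {
                System.out.printf( "0x%02X -> %s%n", sample[0], classify( sample ) );
            }
            catch ( IllegalArgumentException e )
            {
                System.out.println( "rejected: " + e.getMessage() );
            }
        }
    }
}
```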