[
https://issues.apache.org/jira/browse/DIRKRB-509?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15071364#comment-15071364
]
Kai Zheng commented on DIRKRB-509:
----------------------------------
Good catch Jiajia!! It looks like MIT implementation is kinds of out of sync
with the RFC4556 family. Did you report this to MIT KRB DEV?
Noted the comment for {{AuthPack}} in the head didn't update accordingly. I
will fix it.
> Add SupportedKDFs in AuthPack
> -----------------------------
>
> Key: DIRKRB-509
> URL: https://issues.apache.org/jira/browse/DIRKRB-509
> Project: Directory Kerberos
> Issue Type: Bug
> Affects Versions: 1.0.0-RC2
> Reporter: Jiajia Li
> Assignee: Jiajia Li
>
> In mit source code k5-int-pkinit.h:
> {code}
> /** AuthPack from RFC 4556*/
> typedef struct _krb5_auth_pack {
> krb5_pk_authenticator pkAuthenticator;
> krb5_subject_pk_info *clientPublicValue; /* Optional */
> krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
> krb5_data clientDHNonce; /* Optional */
> krb5_data **supportedKDFs; /* OIDs of KDFs; OPTIONAL */
> } krb5_auth_pack;
> {code}
> So we need add supportedKDFs in following define to enable decode the mit
> request.
> {code}
> AuthPack ::= SEQUENCE {
> pkAuthenticator [0] PKAuthenticator,
> clientPublicValue [1] SubjectPublicKeyInfo OPTIONAL,
> supportedCMSTypes [2] SEQUENCE OF AlgorithmIdentifier OPTIONAL,
> clientDHNonce [3] DHNonce OPTIONAL
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
