On 01/17/2014 01:23 PM, venkyA wrote: > So in case of a TGS-REQ, the armor key is used to encrypt the copy of the > req-body in the outer field. Would that be a correct statement?
Yes. > Also when the krbFastresponse is generated for the TGS-REP which is encrypted > with armor key, it would contain the > > 1) Copy of the session key from the service ticket encrypted with session key > of the user's TGT > 2) Client Nonce > 3) KrbFastFinished ( containing the timestamp, client realm, client name, > ticket checksum ) No, yes, and yes. The strengthen-key in KrbFastResponse is not a copy of the session key. It is a randomly chosen key which is combined with the authenticator subkey (from the request) to produce the reply key, which encrypts the RFC 4120 EncTGSRepPart. The session key is located inside the EncTGSRepPart, as it would be in a normal RFC 4120 reply. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
