It's complicated. Looks like MIT krb5 uses a uint32 for old etypes (DES, 3DES, RC4) and a uint64 for new ones (AES) [1][2].
I'll do more experiments. Thanks Max [1] https://github.com/krb5/krb5/blob/master/src/lib/gssapi/generic/util_seqstate.c#L76 [2] https://github.com/krb5/krb5/blob/master/src/lib/gssapi/krb5/init_sec_context.c#L825 > On Apr 24, 2018, at 8:55 PM, Wang Weijun <weijun.w...@oracle.com> wrote: > > RFC 4120 5.5.1 has >> seq-number > >> This optional field includes the initial sequence number to be used by the >> KRB_PRIV or KRB_SAFE messages when sequence numbers are used to detect >> replays. (It may also be used by application specific messages.) When >> included in the authenticator, this field specifies the initial sequence >> number for messages from the client to the server. When included in the >> AP-REP message, the initial sequence number is that for messages from the >> server to the client. When used in KRB_PRIV or KRB_SAFE messages, it is >> incremented by one after each message is sent. Sequence numbers fall in the >> range 0 through 2^32 - 1 and wrap to zero following the value 2^32 - 1. > > > If it wraps, then it’s 4 bytes. > > I will read more on it. > > Thanks > Max > >> 在 2018年4月24日,18:08,Valerie Peng <valerie.p...@oracle.com> 写道: >> >> Hi Max, >> >> Most changes look good. I have only some comments and questions (see below): >> >> - InitSecContextToken.java, line 62: bad -> unrecognized? >> - According to the class javadoc of various Token classes and Kerberos spec, >> the sequence number is 8-byte integer from header byte 8-15, but java int >> have only 4 bytes. The current code seems to assume the first 4 bytes of the >> sequence number are always 0. For the sake of compliance and max >> inter-operability, maybe we should use long to store the sequence number? >> >> CSR looks good to me. >> Thanks, >> Valerie >> >> >> >>> On 4/18/2018 10:40 AM, Weijun Wang wrote: >>> Please take a review of this fix: >>> >>> webrev: http://cr.openjdk.java.net/~weijun/8201627/webrev.00/ >>> CSR: https://bugs.openjdk.java.net/browse/JDK-8201814 >>> >>> Basically we fix some bugs and introduce a system property so we can >>> interop with everyone. >>> >>> Thanks >>> Max >>> >> >
