[36056] in Kerberos
Re: On PKINIT padata
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Tue Apr 15 23:06:51 2014
Date: Tue, 15 Apr 2014 23:06:38 -0400 (EDT)
From: Benjamin Kaduk <kaduk@mit.edu>
To: "arpit.orb" <arpit.orb@gmail.com>
In-Reply-To: <inpwj659nn4li5h4b0ohq1wl.1397587813837@email.android.com>
Message-ID: <alpine.GSO.1.10.1404152159370.21026@multics.mit.edu>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED;
BOUNDARY="-559023410-925823603-1397614939=:21026"
Content-ID: <alpine.GSO.1.10.1404152251310.21026@multics.mit.edu>
Cc: kerberos <kerberos@mit.edu>
Errors-To: kerberos-bounces@mit.edu
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
---559023410-925823603-1397614939=:21026
Content-Type: TEXT/PLAIN; CHARSET=ISO-8859-15; FORMAT=flowed
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID: <alpine.GSO.1.10.1404152251311.21026@multics.mit.edu>
On Wed, 16 Apr 2014, arpit.orb wrote:
> Hi All,=A0
>
> 1. What apis in MIT Kerberos lib are called when the pkinit is=20
> successful. Shouldkrb5_get_init_creds_password be called in case of=20
> pkinit ?
I'm not sure I understand the question. For one, is this anonymous pkinit=
=20
nor non-anonymous?
> 2. What does PADATA UNKNOWN 149 means ? (I am getting that in AS REQ and=
=20
> PRE-AUTH REQUIRED packets)
From=20krb5.h, 149 is KRB5_ENCPADATA_REQ_ENC_PA_REP, from RFC 6806. Perhap=
s=20
your client krb5 implementation is too old to have this support (but it=20
looks like it was first added in 1.8, which is a bit old at this point)?
-Ben Kaduk
---559023410-925823603-1397614939=:21026
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
---559023410-925823603-1397614939=:21026--