[3467] in Kerberos
KRB4 Options
daemon@ATHENA.MIT.EDU (Matt Perry)
Fri Jun 24 14:32:55 1994
To: kerberos@MIT.EDU
Date: Fri, 24 Jun 1994 15:55:36 GMT
From: mattp@apertus.com (Matt Perry)
I am trying to identify the various options that can be issued
in the authentication and ticket granting messages in KRB4. In
reading RFC 1510, I have come across several options available
in authentication such as FORWARDABLE, PROXIABLE, USE_SESSION_KEY
and the like. In RFC's 1508 and 1509 I can only find reference to
three options for authentication (is this the same as credential
usage options?)
GSS_C_BOTH
GSS_C_INITIATE
GSS_C_ACCEPT
which in looking through the KRB4 source code I think relate to
KOPT_DO_MUTUAL.
KOPT_DONT_MK_REQ
KOPT_DONT_CANON
but I am not sure.
In RFC 1509 I see a set of flags which indicates that a context
supports a specific service option.
GSS_C_DELEG_FLAG 1
GSS_C_MUTUAL_FLAG 2
GSS_C_REPLAY_FLAG 4
GSS_C_SEQUENCE_FLAG 8
GSS_C_CONF_FLAG 16
GSS_C_INTEG_FLAG 32
I cannot seem to find their corollaries in the source code.
Is there a list of options and their meanings for the authentication
request and the ticket granting service ticket request for MIT Kerberos
V4 somewhere?
Is there documention like RFC 1510 for KRB4 that discusses KRB4 in
specifics rather than in the generic GSS format?
In looking through the sample code I got from athena-dist.mit.edu for
KRB4 I noticed the sample client code calls krb_sendauth. When I do
a man on krb_sendauth it mentions to "SEE ALSO" krb_mk_req(3), but no
such man page is delivered with the source. Is there another place
were such man pages are archived?
Are there any text books that explain Kerberos from a programmers point
of view? All I can find is a chapter in Stevens "UNIX Network Programming".
Thanks in advance,
Matt Perry
Apertus Technologies
mattp@apertus.com
