[4931] in Kerberos

home help back first fref pref prev next nref lref last post

Kerberos V B4-2 - Problem with session key

daemon@ATHENA.MIT.EDU (Roland Gigler)
Wed Apr 5 10:36:30 1995

To: kerberos@MIT.EDU
Date: 5 Apr 1995 13:29:21 GMT
From: roland@tegernsee.zfe.siemens.de (Roland Gigler)
Reply-To: roland@tegernsee.zfe.siemens.de

Hi

I try to write a small application with a Client and a Server. 
I would like to have a session key for both parts to do any following
communication.

I generate in the client an authentication header with  krb5_mk_req
(ap_req_options = 0;) and send it to the server. 

But there I have problems getting the session key.

I use   krb5_rd_req/krb5_rd_req_simple   to verify the 
KRB_AP_REQ message  I get from the client. 

That works fine. normally retval = 0. If the ticket is expired, I get
KRB5_AP_ERR_TKT_EXPIRED. If the Principal for the Server of the senders address 
it not ok, I get the right error back.

au_data   now holds pointers to the ticket and the authenticator. But
when I follow these pointers, I get nothing I can use.
The authenticator should include the principal for the client, a timestamp, checksum and seq_number. But the values are bad.
The same with the ticket. Specially ticket->enc_part2 should hold the session key. 

So my questions are: 
1. Have I forgotten a step on server side 
2. Or is there needed something special in ap_req_options at client side
	 for krb5_mk_req



Thanks for Help
Roland

---
-------------------------------------------------
Roland Gigler   
		roland@tegernsee.eng.sc.rolm.com
		(roland@tegernsee.zfe.siemens.de)
-------------------------------------------------





home help back first fref pref prev next nref lref last post