[521] in Kerberos
Re: Misc Kerberos questions
daemon@TELECOM.MIT.EDU (Steve Miller)
Mon Oct 24 14:42:16 1988
From: miller%erlang.DEC@DECWRL.DEC.COM (Steve Miller)
To: kerberos@ATHENA.MIT.EDU
>From: DECWRL::"ota+@andrew.cmu.edu" "Ted Anderson 21-Oct-88 1302 EDT" 21-OCT-1988 13:46
>To: kerberos@athena.mit.edu
>Subj: Miscellaneous low level Kerberos questions
>
>What does Kerberos do about byte order for machines that are neither purely
>little or big endian? For instance the 286 just byte swaps the halfwords of a
>long or something. How about if such a machine converts to one or the other of
>the existing machine types on output? This seems much better than teaching all
>existing implementations about yet another machine type.
My recollection of the 286, from porting the Kerberos code to a PC-AT, is that
it is little endian. But if such a weird beast did exist, yes, it should mimic
either a little endian or big endian machine.
>I gather that the ticket flags field encodes the byte order but it isn't clear
>from the documentation which bit of the flag it used for this. LSB?
Yes, the LSB. The documentation should be fixed to make this clear.
>Am I correct in assuming that the kvno of the key used to encrypt a ticket is
>always passed around with the ticket? Can a ticket be interpreted with out one
>(perhaps by trying all plausible keys)?
Yes, it is passed in cleartext as a hint to tell the receiver
what key to use. In principle, the receiver could try multiple keys if it
wanted, but I don't remember if the existing interface directly supports that.
Trying multiple keys would be very expensive when the number of possibilities
is greater than one, such as when a server is in the process of changing
its key, yet doesn't want to invalidate outstanding tickets.
Steve.
