[788] in Kerberos

errata for V5 draft #1

daemon@TELECOM.MIT.EDU (John T Kohl)
Tue Aug 29 11:05:11 1989

From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: krb-protocol@ATHENA.MIT.EDU, kerberos@ATHENA.MIT.EDU

Following is a list of errors in the first draft of the proposed V5
protocol spec.  This list is also available with the drafts via
anonymous FTP on
athena-dist.mit.edu:/pub/kerberos/doc/kerberos/V5DRAFT-ERRATA-1.TXT .

Page numbers are in the form <postscript page #>/<line printer page #>

all pages: include section numbers in footers.

cover page, para. 4: "comforms" should be "conforms"

2/3 sec 1., para 1: "workstation" should be "host operating system"

2/3 sec 1., para 4 (near end): insert a period between "TGS" and "The Client"

3/5, 1.1, para 4: replace first sentence with "Realms are typically
organized hierarchically.  Each realm shares a key with its parent and
a different key with each child."

3/5, 1.2, para 1: replace with "At times it may be necessary for a
principal to allow a service to perform an operation on its behalf.  The
service must be able to take on the identity of the user, but only for a
particular purpose.  A principal can allow a service to take on the
principal's identity for a particular purpose by granting it a proxy."

5/5, 1.3, "ticket": change "authenticates a client to a service" to
"helps a client authenticate to a service"; add to the end of the
definition "It only serves to authenticate a client when presented along
with a new Authenticator."

6/9: footnote, "principals" should be "principles"

8/13, 2.3.1., para 2: append "Both the KRB_TGS_REP and KRB_ERROR messages
contain information which can be used to detect replays, and to
associate it with the message for which it is a reply."

9/14, 2.3.2, para 6: replace "SECOND-TGT" with "ENC-TKT-IN-SKEY"

12/19, 4.3 header: "chaning" should be "changing"

19/29, ap_options: bit order should be reversed: reserved 0-29,
USE-SESSION-KEY = 30, RESERVED 31.

21/32, flags: bit order should be reversed.  replace "least significant"
with "most significant".  31 RESERVED, 30 FORWARDABLE, 29 FORWARDED, 28
PROXIABLE, 27 PROXY, 26 POSTDATE, 25 POSTDATED, 24 INVALID, 23
RENEWABLE, 22 INITIAL, 21 DUPLICATE-SKEY, 20-0 RESERVED.

21/34 flags, RENEWABLE: replace description with: "A renewable ticket
can be used to obtain a new ticket that expires at a later date.  This
allows the life of a ticket to be extended without having to enter a
password again, while providing some mechanism for cancellation of the
right to use the ticket at renewal time.  If the ticket is not renewed
by its expiration time, then renewal will not be allowed.  The RENEWABLE
flag is off by default.  If set, then the `renew_till' field contains a
time after which the ticket may not be renewed."

22/35 kdc_options: bit order should be reversed.  replace "least significant"
with "most significant".  31 RESERVED, 30 FORWARDABLE, 29 FORWARDED, 28
PROXIABLE, 27 PROXY, 26 POSTDATE, 25 POSTDATED, 24 UNUSED, 23 RENEWABLE,
22 UNUSED, 21 DUPLICATE-SKEY, 20-5 RESERVED, 4 RENEWABLE-OK, 3
ENC-TKT-IN-SKEY, 2 REUSE-SKEY, 1 RENEW, 0 VALIDATE.

23/37 kdc_options, RENEWABLE: replace description with "The RENEWABLE
option indicates that the ticket to be issued is to have its renewable
flag set.  It may only be set on the initial request, or when the ticket
granting ticket on which the request is based is also renewable.  If
this option is requested, then the 'renew_till' field contains the
desired absolute expiration time for the ticket."

24-25/39 lr_type: insert the following at the beginning of the
description: "This field indicates the way that the last_req".
bit order is reversed:  7 CONTINUED, 6 THIS-SERVER-ONLY, 0-5
INTERPRETATION.  Bit 5 is the least significant bit.
