[17346] in Kerberos_V5_Development
Re: Make krb5int_check_clockskew() public?
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon Oct 31 13:09:50 2011
From: Sam Hartman <hartmans@mit.edu>
To: Linus Nordberg <linus@nordu.net>
Date: Mon, 31 Oct 2011 13:09:41 -0400
In-Reply-To: <yszty6qy2tr.fsf@nordberg.se> (Linus Nordberg's message of "Sun,
30 Oct 2011 15:24:48 +0100")
Message-ID: <tslhb2p1416.fsf@mit.edu>
Cc: krbdev@mit.edu
>>>>> "Linus" == Linus Nordberg <linus@nordu.net> writes:

Linus> Sam Hartman <hartmans@mit.edu> wrote Sat, 29 Oct 2011 18:35:08 -0400:
Linus> | Your ASN.1 decoder is mighty strange if it produces a structure
Linus> | depending on size of the armor key from an encrypted timestamp
Linus> | preauth.

Linus> The timestamp we're verifying here is not standardised and is
Linus> hiding in the nonce field of the PA-OTP-CHALLENGE. The
Linus> definition of the nonce field was changed (in -18 IIRC) to
Linus> make it possible to include a timestamp in the nonce. This
Linus> relieves the KDC from holding state for this.

I thought you were dealing with the two-pass case.
Makes more sense now.