If the client is required to use pre-authentication, what should the
KDC return in the e-data field?

Suppose I have a database with a list of keys for each principal. Each
key corresponds to the same password, but they are different because
they are used with different crypto-systems, and/or because they are
salted differently.

What I would like to return is a list of keytype/salt-pairs, but there
isn't any documented way to do this. I believe that the MIT KDC uses
the PA-ETYPE-INFO padata-type for something similar. I basically want
something like this:

    PA-KEY-INFO ::= SEQUENCE {
        keytype[1]   INTEGER,
        salttype[2]  INTEGER,
        salt[3]      OCTET STRING
    }

Generally, the various structures that have OCTET STRINGs instead of
CHOICEs need better descriptions of the intended use of the `opaque'
data.

/Johan
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
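
The following is an added illustration, not part of the original message and not taken from any KDC implementation. It DER-encodes a list of the proposed PA-KEY-INFO entries as they might be carried in e-data, and decodes them strictly on the client side. Assumptions: EXPLICIT context tags, a SEQUENCE OF wrapper around the entries, hypothetical function names, and constructed keytype, salttype and salt values.

```python
# Added example. Assumes EXPLICIT tags and SEQUENCE OF PA-KEY-INFO; names are hypothetical.
def tlv(tag, content):
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def der_int(v):  # non-negative INTEGER; the extra byte keeps the sign bit clear
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def encode_key_info(keytype, salttype, salt):
    return tlv(0x30, tlv(0xA1, der_int(keytype)) + tlv(0xA2, der_int(salttype))
               + tlv(0xA3, tlv(0x04, salt)))

def encode_key_info_list(entries):
    return tlv(0x30, b"".join(encode_key_info(*e) for e in entries))

def read_tlv(buf, pos, tag):  # returns (content, next_pos)
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected tag or truncated header")
    n, pos = buf[pos + 1], pos + 2
    if n > 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    elif n == 0x80:
        raise ValueError("indefinite length is not DER")
    if pos + n > len(buf):
        raise ValueError("truncated value")
    return buf[pos:pos + n], pos + n

def read_all(buf, tag):  # a TLV that must fill the whole buffer
    content, end = read_tlv(buf, 0, tag)
    if end != len(buf):
        raise ValueError("trailing bytes")
    return content

def decode_key_info_list(data):
    body, out, pos = read_all(data, 0x30), [], 0
    while pos < len(body):
        item, pos = read_tlv(body, pos, 0x30)
        vals, p = [], 0
        for ctx, uni in ((0xA1, 0x02), (0xA2, 0x02), (0xA3, 0x04)):
            wrapped, p = read_tlv(item, p, ctx)
            inner = read_all(wrapped, uni)
            vals.append(inner if uni == 0x04 else int.from_bytes(inner, "big"))
        if p != len(item):
            raise ValueError("unexpected extra field")
        out.append(tuple(vals))
    return out

SAMPLE = [(1, 0, b"EXAMPLE.ORGalice"), (3, 1, b"")]  # constructed values
```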