[28052] in Kerberos


Preauth mechanism provision in MIT kerberos

daemon@ATHENA.MIT.EDU (Gopal Paliwal)
Wed Jul 18 03:39:48 2007

Message-ID: <6a113f920707180039h1b7967cah6dc6484f6ba19e28@mail.gmail.com>
Date: Wed, 18 Jul 2007 00:39:35 -0700
From: "Gopal Paliwal" <gopalpaliwal@gmail.com>
To: kerberos@mit.edu

Hi Friends,

Recently I set up the whole kerberos system using MIT kerberos 1.6.1. When I
run the kinit command I observe the results on ethereal.
Following is my observation:
$>kinit <username>
I observe that as soon as I enter the above command, ethereal captures 2 packets,
namely KRB5_AS_REQ and KRB5_AS_RES. After that I type the password at my end,
which is used to decrypt the session key (between TGS & Client) that I get in
response.

I assume that for the above case the "pre-auth mechanism" in kerberos is not
activated. Even when I look at the code & RFC, I observe that the preauth
mechanism is optional.

I wish to activate this mechanism for my set-up so that the password-generated
key will be used to encrypt the time-stamp at the client side and
this encrypted stamp will be carried by the KRB5_AS_REQ to the authentication
server.
That means I should see the above message flow on ethereal only when the
user types both the username and password for the kinit command.

Could anyone tell me how I activate this preauth mechanism in my
kerberos, if my above assumption is on the correct track? And also point out
the files I need to change to activate this mechanism.

Thanks in advance.

Regards,
Gopal Paliwal
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
