[32658] in Kerberos

Re: UDP and fragmentation

daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Sep 13 16:14:52 2010

From: Greg Hudson <ghudson@mit.edu>
To: Victor Sudakov <vas@mpeks.no-spam-here.tomsk.su>
In-Reply-To: <i6kqes$2omm$1@relay.tomsk.ru>
Date: Mon, 13 Sep 2010 16:14:45 -0400
Message-ID: <1284408885.5992.1572.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Mon, 2010-09-13 at 05:21 -0400, Victor Sudakov wrote:
> BTW what can make Kerberos packets so big? Microsoft says: "Depending
> on a variety of factors including security identifier (SID) history
> and group membership, some accounts will have larger Kerberos
> authentication packet sizes." What's there inside? Long principal
> names? Long keys?

An Active Directory KDC will include authorization data within a
Kerberos ticket which includes the set of groups you are a member of.
If that's a lot of groups, then your ticket will be large.

Another way Kerberos packets can get big is Diffie-Hellman values
conveyed for PKINIT during initial authentication.


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
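
Added example (not part of the original message, and not code from MIT Kerberos or Active Directory): a rough estimate of how the group list described in the reply above grows a ticket, and whether a message carrying it still fits in one unfragmented UDP datagram on a 1500-byte Ethernet MTU. Assumptions: the 1200-byte base is Microsoft's published rule-of-thumb overhead, the per-group byte counts follow the NDR layout of RID/attribute pairs and full SIDs, and all SIDs and RIDs are constructed sample values.

```python
import struct

ETHERNET_MTU = 1500
UDP_PAYLOAD_LIMIT = ETHERNET_MTU - 20 - 8  # minus IPv4 header and UDP header
BASE_OVERHEAD = 1200  # assumption: rule-of-thumb size of everything except groups


def sid_to_bytes(sid: str) -> bytes:
    """Encode a textual SID (S-1-5-21-...) in its binary form."""
    parts = sid.split("-")
    if parts[0] != "S" or len(parts) < 3:
        raise ValueError(f"not a SID: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if len(subs) > 15:
        raise ValueError("a SID has at most 15 sub-authorities")
    return (struct.pack("<BB", revision, len(subs))
            + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))


def estimate_ticket_bytes(same_domain_rids, extra_sids) -> int:
    """Estimate ticket size from group membership.

    same_domain_rids: groups in the account's own domain, carried as a
                      4-byte RID plus 4-byte attributes (8 bytes each).
    extra_sids:       SID-history or other-domain groups, carried as full SIDs.
    """
    size = BASE_OVERHEAD + 8 * len(same_domain_rids)
    for sid in extra_sids:
        # 4-byte pointer + 4-byte attributes + 4-byte array count + SID body
        size += 12 + len(sid_to_bytes(sid))
    return size


def fits_single_udp_datagram(size: int) -> bool:
    """True if a message of this size avoids IP fragmentation over UDP."""
    return size <= UDP_PAYLOAD_LIMIT


# Constructed sample accounts (hypothetical domain SID and RIDs).
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
small = estimate_ticket_bytes(range(1000, 1020), [])
large = estimate_ticket_bytes(range(1000, 1120),
                              [f"{DOMAIN}-{rid}" for rid in range(5000, 5030)])

if __name__ == "__main__":
    for name, size in (("small", small), ("large", large)):
        print(f"{name}: ~{size} bytes, one UDP datagram: {fits_single_udp_datagram(size)}")
```

The estimate covers the ticket only; the request or reply that carries it is somewhat larger, so an account near the limit should be treated as exceeding it.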
