[1874] in Kerberos_V5_Development
bug in the rfc and in the kdc
daemon@ATHENA.MIT.EDU (Marc Horowitz)
Thu Oct 24 22:34:08 1996
To: krbdev@MIT.EDU
From: Marc Horowitz <marc@cygnus.com>
Date: 24 Oct 1996 22:33:22 -0400
oh boy. rfc1510 section 3.3.2 states:

    Once the accompanying ticket has been decrypted, the user-supplied
    checksum in the Authenticator must be verified against the contents
    of the request, and the message rejected if the checksums do not
    match (with an error code of KRB_AP_ERR_MODIFIED) or if the checksum
    is not keyed or not collision-proof (with an error code of
    KRB_AP_ERR_INAPP_CKSUM).

Thus, the checksum in the authenticator must be keyed and
collision-proof.
rfc1510 section 5.4.1 says:

    The checksum in the authenticator
    (which must be collisionproof) is to be computed over the
    KDC-REQ-BODY encoding.

Which just requires that it be collision-proof. These two sections
conflict.
In addition, section 5.4.2 says:

    For KRB_TGS_REP, the ciphertext is encrypted in the
    sub-session key from the Authenticator, or if absent, the session key
    from the ticket-granting ticket used in the request.

The "sub-session key from the Authenticator" is exactly what is
referenced by the kdc implementation when verifying the checksum in
the KDC-REQ. So, in our implementation, this key must be present, or
the kdc will core dump (hmm). The RFC says that this field in the
request is OPTIONAL.
Anybody have any comments?
Marc
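
Added example, not part of the original message and not MIT krb5 code: a sketch of TGS-REQ checksum verification that treats the Authenticator subkey as OPTIONAL instead of dereferencing it unconditionally, and that applies the stricter section 3.3.2 reading (keyed and collision-proof). All types and function names are hypothetical, the keyed checksum is a non-cryptographic stand-in, and using the TGT session key for verification when no subkey is present is an assumption modelled on the section 5.4.2 reply-key rule.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Error numbers as assigned in RFC 1510; every type here is hypothetical. */
enum { KRB_OK = 0, KRB_AP_ERR_MODIFIED = 41, KRB_AP_ERR_INAPP_CKSUM = 50 };

typedef struct { const uint8_t *data; size_t len; } keyblock;
typedef struct {
    int keyed, collision_proof;   /* properties of the checksum type */
    uint32_t value;               /* checksum carried in the Authenticator */
} cksum;
typedef struct {
    const keyblock *subkey;       /* OPTIONAL: NULL when the client sent none */
    cksum ck;
} authenticator;

/* Toy keyed checksum (FNV-1a over key, then body). NOT cryptographic. */
static uint32_t toy_keyed_cksum(const keyblock *k, const uint8_t *body, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < k->len; i++) h = (h ^ k->data[i]) * 16777619u;
    for (size_t i = 0; i < n; i++) h = (h ^ body[i]) * 16777619u;
    return h;
}

int verify_tgs_req_cksum(const authenticator *a, const keyblock *tgt_session,
                         const uint8_t *req_body, size_t n)
{
    /* Stricter reading (section 3.3.2): keyed AND collision-proof. */
    if (!a->ck.keyed || !a->ck.collision_proof)
        return KRB_AP_ERR_INAPP_CKSUM;
    /* Assumption: with no subkey, fall back to the TGT session key, as
       section 5.4.2 does for the reply. Never dereference a NULL subkey. */
    const keyblock *k = a->subkey != NULL ? a->subkey : tgt_session;
    if (toy_keyed_cksum(k, req_body, n) != a->ck.value)
        return KRB_AP_ERR_MODIFIED;
    return KRB_OK;
}

int main(void)
{
    const uint8_t sk[] = { 1, 2, 3, 4 };             /* constructed key */
    const uint8_t body[] = "constructed KDC-REQ-BODY";
    keyblock session = { sk, sizeof sk };
    authenticator a = { NULL, { 1, 1, 0 } };         /* no subkey sent */
    a.ck.value = toy_keyed_cksum(&session, body, sizeof body - 1);
    printf("%d\n", verify_tgs_req_cksum(&a, &session, body, sizeof body - 1));
    return 0;
}
```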