KRB_ERROR definition - Kerberos


Thread: KRB_ERROR definition

  1. KRB_ERROR definition

    Hi,

    Just by inspecting a KRB_ERROR packet, how can I tell this is the
    error response of AS_REQ or TGS_REQ apart from knowing the application
    number of the previous packet?

    Many thanks
    Joe


    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: KRB_ERROR definition

    Joseph Kuan writes:
    > Hi,
    >
    > Just by inspecting a KRB_ERROR packet, how can I tell this is the
    > error response of AS_REQ or TGS_REQ apart from knowing the application
    > number of the previous packet?
    >
    > Many thanks
    > Joe


    I don't believe you can. MIT & Heimdal code create sockets with "wild"
    abandon - ensuring that each request (& perhaps its retries) goes over a
    unique socket. That's how they pair up the error response with the
    request. The multiple sockets are because they're mainly concerned
    with identifying which connection and server caused the error, not
    which request. You might be able to make a *guess* as to what sort of
    request generated a krb5_error packet based on the error code and
    whether and what client and server were returned, but some kinds of
    error returns won't return those even if you thought you supplied
    them.

    Just out of curiosity, why would you be sending both an AS-REQ and a
    TGS-REQ over the same socket at the same time in the first place?

    -Marcus Watts

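An added example, not part of the thread and not MIT or Heimdal code: the per-socket pairing described in the reply above, applied to passively captured traffic. It names each message from its outer ASN.1 application tag (RFC 4120) and attributes every KRB-ERROR to the request still outstanding on the same flow. The addresses, ports and truncated payloads are constructed, and each TCP payload is assumed to hold one whole message.

```python
# Identifier octet of each message's outer [APPLICATION n] tag (RFC 4120): 0x60 | n
APP_TAGS = {0x6A: "AS-REQ", 0x6B: "AS-REP", 0x6C: "TGS-REQ",
            0x6D: "TGS-REP", 0x7E: "KRB-ERROR"}
ANSWERS = {"AS-REP": "AS-REQ", "TGS-REP": "TGS-REQ"}

def msg_type(payload, proto):
    """Name a Kerberos message from its first tag byte (TCP adds a 4-byte length prefix)."""
    body = payload[4:] if proto == "tcp" else payload
    return APP_TAGS.get(body[0]) if body else None

def classify_errors(packets):
    """Return (client_ip, client_port, verdict) for every KRB-ERROR seen."""
    pending = {}   # flow -> set of request types not yet answered on that flow
    results = []
    for src, sport, dst, dport, proto, payload in packets:
        kind = msg_type(payload, proto)
        if kind in ("AS-REQ", "TGS-REQ"):
            # A retry on the same socket adds the same type again; the set absorbs it.
            pending.setdefault((src, sport, dst, dport, proto), set()).add(kind)
            continue
        flow = (dst, dport, src, sport, proto)   # replies travel KDC -> client
        waiting = pending.get(flow, set())
        if kind in ANSWERS:
            waiting.discard(ANSWERS[kind])
        elif kind == "KRB-ERROR":
            if len(waiting) == 1:
                verdict = waiting.pop()          # one request outstanding: unambiguous
            elif waiting:
                verdict = "ambiguous"            # AS-REQ and TGS-REQ shared the socket
            else:
                verdict = "unknown"              # request not captured
            results.append((flow[0], flow[1], verdict))
    return results

# Constructed sample capture; payloads are cut down to the outer tag and a stub body.
KDC, CLIENT = "192.0.2.10", "198.51.100.7"
AS, TGS, ERR = b"\x6a\x03\x30\x01\x00", b"\x6c\x03\x30\x01\x00", b"\x7e\x03\x30\x01\x00"
TCP_LEN = b"\x00\x00\x00\x05"
SAMPLE = [
    (CLIENT, 50001, KDC, 88, "udp", AS),
    (CLIENT, 50001, KDC, 88, "udp", AS),             # retry of the same request
    (KDC, 88, CLIENT, 50001, "udp", ERR),
    (CLIENT, 50002, KDC, 88, "tcp", TCP_LEN + TGS),
    (KDC, 88, CLIENT, 50002, "tcp", TCP_LEN + ERR),
    (CLIENT, 50003, KDC, 88, "udp", AS),
    (CLIENT, 50003, KDC, 88, "udp", TGS),            # both request types on one socket
    (KDC, 88, CLIENT, 50003, "udp", ERR),
    (KDC, 88, CLIENT, 50004, "udp", ERR),            # error with no captured request
]
```
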
