5.2. ASN.1 Base Definitions

Up: RFC 1510

The following ASN.1 base definitions are used in the rest of this section. Note that since the underscore character (_) is not permitted in ASN.1 names, the hyphen (-) is used in its place for the purposes of ASN.1 names.

Realm ::=           GeneralString

    Kerberos realms are encoded as GeneralStrings. Realms shall not contain a character with the code 0 (the ASCII NUL). Most realms will usually consist of several components separated by periods (.), in the style of Internet Domain Names, or separated by slashes (/) in the style of X.500 names. Acceptable forms for realm names are specified in section 7.

PrincipalName ::=   SEQUENCE {
                    name-type[0]     INTEGER,
                    name-string[1]   SEQUENCE OF GeneralString
}

    A PrincipalName is a typed sequence of components consisting of the following sub-fields:

    name-type

    This field specifies the type of name that follows. Pre-defined values for this field are specified in section 7.2. The name-type should be treated as a hint. Ignoring the name type, no two names can be the same (i.e., at least one of the components, or the realm, must be different). This constraint may be eliminated in the future.

    name-string

    This field encodes a sequence of components that form a name, each component encoded as a General String. Taken together, a PrincipalName and a Realm form a principal identifier. Most PrincipalNames will have only a few components (typically one or two).

KerberosTime ::=   GeneralizedTime
                   -- Specifying UTC time zone (Z)

    The timestamps used in Kerberos are encoded as GeneralizedTimes. An encoding shall specify the UTC time zone (Z) and shall not include any fractional portions of the seconds. It further shall not include any separators. Example: The only valid format for UTC time 6 minutes, 27 seconds after 9 pm on 6 November 1985 is 19851106210627Z.
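
A strict parser for the single KerberosTime form described above, as an added example (not part of the RFC text). The function names and the rejected sample strings are constructed for illustration; the point is that a general GeneralizedTime parser accepts forms that Kerberos forbids.

```python
import re
from datetime import datetime, timezone

# Exactly 14 ASCII digits followed by "Z": no fraction, offset or separator.
_KERBEROS_TIME = re.compile(r"[0-9]{14}Z")
_FIELDS = ((0, 4), (4, 6), (6, 8), (8, 10), (10, 12), (12, 14))

def parse_kerberos_time(value):
    """Return an aware UTC datetime, or raise ValueError for any other form."""
    if not isinstance(value, str) or not _KERBEROS_TIME.fullmatch(value):
        raise ValueError("not in YYYYMMDDHHMMSSZ form: %r" % (value,))
    year, month, day, hour, minute, second = (int(value[a:b]) for a, b in _FIELDS)
    # datetime() raises ValueError for impossible values (month 13, hour 24).
    return datetime(year, month, day, hour, minute, second, tzinfo=timezone.utc)

def format_kerberos_time(moment):
    """Encode an aware datetime as KerberosTime, dropping sub-second precision."""
    if moment.tzinfo is None:
        raise ValueError("naive datetime: the time zone is ambiguous")
    return moment.astimezone(timezone.utc).strftime("%Y%m%d%H%M%SZ")

def is_valid_kerberos_time(value):
    try:
        parse_kerberos_time(value)
        return True
    except ValueError:
        return False

# Constructed inputs: each is rejected although it resembles a timestamp.
REJECTED = [
    "19851106210627.5Z",     # fractional seconds
    "19851106210627",        # no time zone designator
    "19851106160627-0500",   # numeric offset instead of Z
    "198511062106Z",         # seconds omitted
    "1985-11-06T21:06:27Z",  # separators
    "19851306210627Z",       # month 13
    "19851106210627Z\n",     # trailing newline
]
```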

HostAddress ::=     SEQUENCE  {
                    addr-type[0]             INTEGER,
                    address[1]               OCTET STRING
}

HostAddresses ::=   SEQUENCE OF SEQUENCE {
                    addr-type[0]             INTEGER,
                    address[1]               OCTET STRING
}

    The host address encodings consist of two fields:

    addr-type

    This field specifies the type of address that follows. Pre-defined values for this field are specified in section 8.1.

    address

    This field encodes a single address of type addr-type.

    The two forms differ slightly. HostAddress contains exactly one address; HostAddresses contains a sequence of possibly many addresses.

AuthorizationData ::=   SEQUENCE OF SEQUENCE {
                        ad-type[0]               INTEGER,
                        ad-data[1]               OCTET STRING
}

    ad-data

    This field contains authorization data to be interpreted according to the value of the corresponding ad-type field.

    ad-type

    This field specifies the format for the ad-data subfield. All negative values are reserved for local use. Non-negative values are reserved for registered use.

APOptions ::=   BIT STRING {
                reserved(0),
                use-session-key(1),
                mutual-required(2)
}

TicketFlags ::=   BIT STRING {
                  reserved(0),
                  forwardable(1),
                  forwarded(2),
                  proxiable(3),
                  proxy(4),
                  may-postdate(5),
                  postdated(6),
                  invalid(7),
                  renewable(8),
                  initial(9),
                  pre-authent(10),
                  hw-authent(11)
}

KDCOptions ::=   BIT STRING {
                 reserved(0),
                 forwardable(1),
                 forwarded(2),
                 proxiable(3),
                 proxy(4),
                 allow-postdate(5),
                 postdated(6),
                 unused7(7),
                 renewable(8),
                 unused9(9),
                 unused10(10),
                 unused11(11),
                 renewable-ok(27),
                 enc-tkt-in-skey(28),
                 renew(30),
                 validate(31)
}
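
Decoding the named bits of TicketFlags and KDCOptions, as an added example (not part of the RFC text). The function names, the fixed 32-bit width and the sample value are assumptions made for illustration; the input is the contents of a DER BIT STRING, that is, the unused-bits octet followed by the data octets.

```python
# ASN.1 numbers bits from the most significant bit of the first octet,
# so bit 0 is mask 0x80 of octet 0, not the integer's least significant bit.
TICKET_FLAGS = {
    0: "reserved", 1: "forwardable", 2: "forwarded", 3: "proxiable",
    4: "proxy", 5: "may-postdate", 6: "postdated", 7: "invalid",
    8: "renewable", 9: "initial", 10: "pre-authent", 11: "hw-authent",
}
KDC_OPTIONS = {
    0: "reserved", 1: "forwardable", 2: "forwarded", 3: "proxiable",
    4: "proxy", 5: "allow-postdate", 6: "postdated", 7: "unused7",
    8: "renewable", 9: "unused9", 10: "unused10", 11: "unused11",
    27: "renewable-ok", 28: "enc-tkt-in-skey", 30: "renew", 31: "validate",
}

def decode_flags(content, names):
    """Return (named, unknown): the names of the set flags, and the set bit
    positions that `names` does not define."""
    if not content:
        raise ValueError("contents must start with the unused-bits octet")
    unused, data = content[0], content[1:]
    if unused > 7 or (unused and not data):
        raise ValueError("invalid unused-bits count")
    if unused and data[-1] & ((1 << unused) - 1):
        raise ValueError("unused trailing bits must be zero in DER")
    named, unknown = set(), []
    for i, octet in enumerate(data):
        for j in range(8):
            if octet & (0x80 >> j):
                pos = 8 * i + j
                if pos in names:
                    named.add(names[pos])
                else:
                    unknown.append(pos)
    return named, unknown

def encode_flags(flag_names, names, width=32):
    """Encode named flags as BIT STRING contents of `width` bits (assumed 32)."""
    by_name = {name: pos for pos, name in names.items()}
    data = bytearray(width // 8)
    for name in flag_names:
        pos = by_name[name]
        data[pos // 8] |= 0x80 >> (pos % 8)
    return bytes([0]) + bytes(data)

# Constructed sample: KDCOptions 0x40800010 preceded by unused-bits octet 0.
SAMPLE_KDC_OPTIONS = bytes.fromhex("0040800010")
```

Reporting unknown positions separately lets a log parser or validator surface bits that this section does not define.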

LastReq ::=   SEQUENCE OF SEQUENCE {
              lr-type[0]               INTEGER,
              lr-value[1]              KerberosTime
}

    lr-type

    This field indicates how the following lr-value field is to be interpreted. Negative values indicate that the information pertains only to the responding server. Non-negative values pertain to all servers for the realm.

    If the lr-type field is zero (0), then no information is conveyed by the lr-value subfield. If the absolute value of the lr-type field is one (1), then the lr-value subfield is the time of last initial request for a TGT. If it is two (2), then the lr-value subfield is the time of last initial request. If it is three (3), then the lr-value subfield is the time of issue for the newest ticket-granting ticket used. If it is four (4), then the lr-value subfield is the time of the last renewal. If it is five (5), then the lr-value subfield is the time of last request (of any type).

    lr-value

    This field contains the time of the last request. The time must be interpreted according to the contents of the accompanying lr-type subfield.

See section 6 for the definitions of Checksum, ChecksumType, EncryptedData, EncryptionKey, EncryptionType, and KeyType.

