blank.gif (43 bytes)

Church Of The
Swimming Elephant
Search:
5.5.1. KRB_AP_REQ definition Connected: An Internet Encyclopedia
5.5.1. KRB_AP_REQ definition
Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1510
Up: 5. Message Specifications
Up: 5.5. Client/Server (CS) message specifications
Prev: 5.5. Client/Server (CS) message specifications
Next: 5.5.2. KRB_AP_REP definition

5.5.1. KRB_AP_REQ definition

5.5.1. KRB_AP_REQ definition

The KRB_AP_REQ message contains the Kerberos protocol version number, the message type KRB_AP_REQ, an options field to indicate any options in use, and the ticket and authenticator themselves. The KRB_AP_REQ message is often referred to as the "authentication header". 

   AP-REQ ::=      [APPLICATION 14] SEQUENCE {
                   pvno[0]                       INTEGER,
                   msg-type[1]                   INTEGER,
                   ap-options[2]                 APOptions,
                   ticket[3]                     Ticket,
                   authenticator[4]              EncryptedData
   }

   APOptions ::=   BIT STRING {
                   reserved(0),
                   use-session-key(1),
                   mutual-required(2)
   }

pvno and msg-type

These fields are described above in section 5.4.1. msg-type is KRB_AP_REQ.

ap-options

This field appears in the application request (KRB_AP_REQ) and affects the way the request is processed. It is a bit-field, where the selected options are indicated by the bit being set (1), and the unselected options and reserved fields being reset (0). The encoding of the bits is specified in section 5.2. The meanings of the options are: 

  Bit(s)  Name           Description

  0       RESERVED       Reserved for future expansion of
                       this field.

  1       USE-SESSION-KEYThe USE-SESSION-KEY option indicates
                       that the ticket the client is
                       presenting to a server is encrypted in
                       the session key from the server's
                       ticket-granting ticket. When this
                       option is not specified, the ticket is
                       encrypted in the server's secret key.

  2       MUTUAL-REQUIREDThe MUTUAL-REQUIRED option tells the
                       server that the client requires mutual
                       authentication, and that it must
                       respond with a KRB_AP_REP message.

  3-31    RESERVED       Reserved for future use.

ticket

This field is a ticket authenticating the client to the server.

authenticator

This contains the authenticator, which includes the client's choice of a subkey. Its encoding is described in section 5.3.2.

Next: 5.5.2. KRB_AP_REP definition
Connected: An Internet Encyclopedia
5.5.1. KRB_AP_REQ definition

Cotse.Net

Protect yourself from cyberstalkers, identity thieves, and those who would snoop on you.
Stop spam from invading your inbox without losing the mail you want. We give you more control over your e-mail than any other service.
Block popups, ads, and malicious scripts while you surf the net through our anonymous proxies.
Participate in Usenet, host your web files, easily send anonymous messages, and more, much more.
All private, all encrypted, all secure, all in an easy to use service, and all for only $5.95 a month!

Service Details

 
.
www.cotse.com
Have you gone to church today?
.
All pages ©1999, 2000, 2001, 2002, 2003 Church of the Swimming Elephant unless otherwise stated
Church of the Swimming Elephant©1999, 2000, 2001, 2002, 2003 Cotse.com.
Cotse.com is a wholly owned subsidiary of Packetderm, LLC.

Packetderm, LLC
210 Park Ave #308
Worcester, MA 01609