RFC 1510 (rfc1510) - Page 3 of 112


The Kerberos Network Authentication Service (V5)



Alternative Format: Original Text Document



RFC 1510                        Kerberos                  September 1993


   3.2.6. Using the encryption key .......................   24
   3.3. The Ticket-Granting Service (TGS) Exchange .......   24
   3.3.1. Generation of KRB_TGS_REQ message ..............   25
   3.3.2. Receipt of KRB_TGS_REQ message .................   26
   3.3.3. Generation of KRB_TGS_REP message ..............   27
   3.3.3.1. Encoding the transited field .................   29
   3.3.4. Receipt of KRB_TGS_REP message .................   31
   3.4. The KRB_SAFE Exchange ............................   31
   3.4.1. Generation of a KRB_SAFE message ...............   31
   3.4.2. Receipt of KRB_SAFE message ....................   32
   3.5. The KRB_PRIV Exchange ............................   33
   3.5.1. Generation of a KRB_PRIV message ...............   33
   3.5.2. Receipt of KRB_PRIV message ....................   33
   3.6. The KRB_CRED Exchange ............................   34
   3.6.1. Generation of a KRB_CRED message ...............   34
   3.6.2. Receipt of KRB_CRED message ....................   34
   4. The Kerberos Database ..............................   35
   4.1. Database contents ................................   35
   4.2. Additional fields ................................   36
   4.3. Frequently Changing Fields .......................   37
   4.4. Site Constants ...................................   37
   5. Message Specifications .............................   38
   5.1. ASN.1 Distinguished Encoding Representation ......   38
   5.2. ASN.1 Base Definitions ...........................   38
   5.3. Tickets and Authenticators .......................   42
   5.3.1. Tickets ........................................   42
   5.3.2. Authenticators .................................   47
   5.4. Specifications for the AS and TGS exchanges ......   49
   5.4.1. KRB_KDC_REQ definition .........................   49
   5.4.2. KRB_KDC_REP definition .........................   56
   5.5. Client/Server (CS) message specifications ........   58
   5.5.1. KRB_AP_REQ definition ..........................   58
   5.5.2. KRB_AP_REP definition ..........................   60
   5.5.3. Error message reply ............................   61
   5.6. KRB_SAFE message specification ...................   61
   5.6.1. KRB_SAFE definition ............................   61
   5.7. KRB_PRIV message specification ...................   62
   5.7.1. KRB_PRIV definition ............................   62
   5.8. KRB_CRED message specification ...................   63
   5.8.1. KRB_CRED definition ............................   63
   5.9. Error message specification ......................   65
   5.9.1. KRB_ERROR definition ...........................   66
   6. Encryption and Checksum Specifications .............   67
   6.1. Encryption Specifications ........................   68
   6.2. Encryption Keys ..................................   71
   6.3. Encryption Systems ...............................   71
   6.3.1. The NULL Encryption System (null) ..............   71
   6.3.2. DES in CBC mode with a CRC-32 checksum (descbc-crc)71



Kohl & Neuman