Connected: An Internet Encyclopedia
A.17. KRB_PRIV verification

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1510
Up: A. Pseudo-code for protocol processing
Prev: A.16. KRB_PRIV generation
Next: A.18. KRB_CRED generation

A.17. KRB_PRIV verification

A.17. KRB_PRIV verification

        receive packet;
        if (packet.pvno != 5) then
                either process using other protocol spec
                or error_out(KRB_AP_ERR_BADVERSION);
        endif
        if (packet.msg-type != KRB_PRIV) then
                error_out(KRB_AP_ERR_MSG_TYPE);
        endif

        cleartext := decrypt(packet.enc-part) using negotiated key;
        if (decryption_error()) then
                error_out(KRB_AP_ERR_BAD_INTEGRITY);
        endif

        if (safe_priv_common_checks_ok(cleartext)) then
            return(cleartext.DATA, PACKET_IS_GENUINE_AND_UNMODIFIED);
        else
                return common_checks_error;
        endif


Next: A.18. KRB_CRED generation

Connected: An Internet Encyclopedia
A.17. KRB_PRIV verification