Connected: An Internet Encyclopedia
A.3. KRB_AS_REP verification
RFC 1510, A. Pseudo-code for protocol processing
        decode response into resp;

        if (resp.msg-type = KRB_ERROR) then
                if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP))
                        then set pa_enc_timestamp_required;
                        goto KRB_AS_REQ;
                endif
                process_error(resp);
                return;
        endif

        /* On error, discard the response, and zero the session key */
        /* from the response immediately */

        key = get_decryption_key(resp.enc-part.kvno, resp.enc-part.etype,
                                 resp.padata);
        unencrypted part of resp := decode of decrypt of resp.enc-part
                                   using resp.enc-part.etype and key;
        zero(key);

        if (common_as_rep_tgs_rep_checks fail) then
                destroy resp.key;
                return error;
        endif

        if near(resp.princ_exp) then
                print(warning message);
        endif
        save_for_later(ticket,session,client,server,times,flags);
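
The control flow above as a small C sketch, added here as an illustration and not taken from RFC 1510 or from any Kerberos implementation; it shows `zero(key)` and `destroy resp.key` done with a wipe the compiler cannot elide. The names `verify_as_rep`, `secure_zero`, `toy_crypt` and the struct layouts are hypothetical, the XOR routine is a toy stand-in for the etype's decryption, and the nonce comparison stands in for the A.4 common checks; the msg-type and error-code numbers are the RFC 1510 values.

```c
#include <stddef.h>
#include <stdint.h>

#define KEYLEN 8
enum { KRB_AS_REP = 11, KRB_ERROR = 30, KDC_ERR_PREAUTH_REQUIRED = 25 };
enum as_result { AS_OK, AS_RETRY_WITH_PREAUTH, AS_KDC_ERROR, AS_CHECK_FAILED };
struct enc_part { uint8_t session_key[KEYLEN]; uint32_t nonce; };
struct as_rep   { int msg_type; int error_code; struct enc_part enc; };

/* Zero through a volatile pointer: a plain memset() of a buffer that is
 * never read again can be removed by the compiler as a dead store. */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *v = p;
    while (n--) *v++ = 0;
}

/* Toy stand-in for the etype's decrypt (XOR with the key). NOT a Kerberos cipher. */
static void toy_crypt(struct enc_part *e, const uint8_t *key) {
    uint8_t *b = (uint8_t *)e;
    for (size_t i = 0; i < sizeof *e; i++) b[i] ^= key[i % KEYLEN];
}

/* A.3 flow. `key` is the caller's working copy of the client key; it is
 * wiped on every path that reaches decryption, success or failure. */
static enum as_result verify_as_rep(const struct as_rep *resp, uint8_t key[KEYLEN],
                                    uint32_t req_nonce, struct enc_part *out) {
    if (resp->msg_type == KRB_ERROR)      /* key untouched: a retry still needs it */
        return resp->error_code == KDC_ERR_PREAUTH_REQUIRED
                   ? AS_RETRY_WITH_PREAUTH : AS_KDC_ERROR;
    *out = resp->enc;
    toy_crypt(out, key);                  /* decrypt resp.enc-part */
    secure_zero(key, KEYLEN);             /* zero(key) */
    /* Stand-in for the A.4 common checks: only the nonce comparison. */
    if (out->nonce != req_nonce) {
        secure_zero(out, sizeof *out);    /* destroy resp.key */
        return AS_CHECK_FAILED;
    }
    return AS_OK;
}

int main(void) {
    /* Constructed sample: key, session key and nonce are made-up values. */
    uint8_t key[KEYLEN] = {1, 2, 3, 4, 5, 6, 7, 8};
    struct as_rep rep = { KRB_AS_REP, 0, { {9, 9, 9, 9, 9, 9, 9, 9}, 42 } };
    struct enc_part creds;
    toy_crypt(&rep.enc, key);             /* what the KDC side would have sent */
    return verify_as_rep(&rep, key, 42, &creds) == AS_OK ? 0 : 1;
}
```

Where the platform provides `explicit_bzero` or `memset_s`, either can replace the volatile loop.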