Kerberos Kerberos - Dev

Some problem in forming the TGS request packet with krb5_parse_name() function

classic Classic list List threaded Threaded
2 messages Options
Surendra Babu
Reply | Threaded
Open this post in threaded view
|

Some problem in forming the TGS request packet with krb5_parse_name() function

Surendra Babu
Hi Kerbeors Development team,
 
I am seeing some problem in forming the TGS request
packet with krb5_parse_name() function while parsing
the Principal (with only IPADDRESS.....but not with
hostname and no DNS server configured).

1. To form the TGS request packet, I need to call the
krb5_parse_name() function to form the pricipal
structure.
For this I need to pass the KDC server's principal
name ad second parameter.
 
Prototype for krb5_parse_name() function is:
krb5_parse_name(krb5_context context, const char
*name, krb5_principal *nprincipal)
 
2. For the above fucntion, I need to pass the second
parameter as principal name:
that means: host/<KDC HOSTNAME>@REALM
example: host/[hidden email]
 
3. If I pass the above principle name with hostname,
then only the TGS packet is built correctly. Otherwise
it is not building the TGS packet.
 
4. If I pass the IP Address in Principal name, (like
ex: host/[hidden email]), the packet is not
built, failing. If user gives the IP Address instead
of hostname, how to form the packet? What parameters
to be passed to krb5_parse_name() for IPA ddress case?
(DNS server is not configured and IP ADDRESS is only
avaliable, how to form the TGS request packet?)
 
5. How can we form the principal name with out
hostname (Only available thing is IPADDRESS and no DNS
Server configured)
 
Please let me know your thoughts. Thank you.
 
Regards,
-Surendra



               
__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Andrew Bartlett
Reply | Threaded
Open this post in threaded view
|

Re: Some problem in forming the TGS request packet with krb5_parse_name() function

Andrew Bartlett
On Thu, 2005-11-24 at 01:35 -0800, Surendra Babu wrote:
> Hi Kerbeors Development team,
>  
> I am seeing some problem in forming the TGS request
> packet with krb5_parse_name() function while parsing
> the Principal (with only IPADDRESS.....but not with
> hostname and no DNS server configured).

In short you cannot.

> 4. If I pass the IP Address in Principal name, (like
> ex: host/[hidden email]), the packet is not
> built, failing. If user gives the IP Address instead
> of hostname, how to form the packet? What parameters
> to be passed to krb5_parse_name() for IPA ddress case?
> (DNS server is not configured and IP ADDRESS is only
> avaliable, how to form the TGS request packet?)

This is indeed fortunate, as I've seen Windows clients try and find the
realm 76.56.23, presumably to then find a host '15'.  

> 5. How can we form the principal name with out
> hostname (Only available thing is IPADDRESS and no DNS
> Server configured)

I don't believe Kerberos is available in this situation.  The KDC
records names, not IP addresses, and you must ask with with a name
registered with the KDC.  

Andrew Bartlett

--
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev

signature.asc (196 bytes) Download Attachment
Free forum by Nabble Edit this page