KRB5(3) | krb5 1.0 | KRB5(3) |
packet.application.krb5 - KRB5 module
Decode KRB5 layer

Decoding using ASN.1 DER (Distinguished Encoding Representation)

RFC 4120 The Kerberos Network Authentication Service (V5)
RFC 6113 A Generalized Framework for Kerberos Pre-Authentication
AP Option flags
AP-REP ::= [APPLICATION 15] SEQUENCE {
    pvno     [0] INTEGER (5),
    msg-type [1] INTEGER (15),
    enc-part [2] EncryptedData -- EncAPRepPart
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
AP-REQ ::= [APPLICATION 14] SEQUENCE {
    pvno          [0] INTEGER (5),
    msg-type      [1] INTEGER (14),
    options       [2] APOptions,
    ticket        [3] Ticket,
    authenticator [4] EncryptedData -- Authenticator
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
Checksum ::= SEQUENCE {
    cksumtype [0] Int32,
    checksum  [1] OCTET STRING
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
EncryptedData ::= SEQUENCE {
    etype  [0] Int32 -- EncryptionType --,
    kvno   [1] UInt32 OPTIONAL,
    cipher [2] OCTET STRING -- ciphertext
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
ETYPE-INFO2-ENTRY ::= SEQUENCE {
    etype     [0] Int32,
    salt      [1] KerberosString OPTIONAL,
    s2kparams [2] OCTET STRING OPTIONAL
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
HostAddress ::= SEQUENCE {
    addr-type [0] Int32,
    address   [1] OCTET STRING
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
KDC Option flags
KDC-REP ::= SEQUENCE {
    pvno     [0] INTEGER (5),
    msg-type [1] INTEGER (11 -- AS -- | 13 -- TGS --),
    padata   [2] SEQUENCE OF PA-DATA OPTIONAL
                 -- NOTE: not empty --,
    crealm   [3] Realm,
    cname    [4] PrincipalName,
    ticket   [5] Ticket,
    enc-part [6] EncryptedData
                 -- EncASRepPart or EncTGSRepPart,
                 -- as appropriate
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
KDC-REQ ::= SEQUENCE {
    -- NOTE: first tag is [1], not [0]
    pvno     [1] INTEGER (5),
    msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --),
    padata   [3] SEQUENCE OF PA-DATA OPTIONAL
                 -- NOTE: not empty --,
    req-body [4] KDC-REQ-BODY
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
KDC-REQ-BODY ::= SEQUENCE {
    options                [0]  KDCOptions,
    cname                  [1]  PrincipalName OPTIONAL
                                -- Used only in AS-REQ --,
    realm                  [2]  Realm
                                -- Server's realm
                                -- Also client's in AS-REQ --,
    sname                  [3]  PrincipalName OPTIONAL,
    from                   [4]  KerberosTime OPTIONAL,
    till                   [5]  KerberosTime,
    rtime                  [6]  KerberosTime OPTIONAL,
    nonce                  [7]  UInt32,
    etype                  [8]  SEQUENCE OF Int32 -- EncryptionType
                                -- in preference order --,
    addresses              [9]  HostAddresses OPTIONAL,
    enc-authorization-data [10] EncryptedData OPTIONAL
                                -- AuthorizationData --,
    additional-tickets     [11] SEQUENCE OF Ticket OPTIONAL
                                -- NOTE: not empty
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
KRB5 object

Usage:
    from packet.application.krb5 import KRB5

    # Decode KRB5 layer
    x = KRB5(pktt, proto)

Object definition:

KRB5(
    appid = int,  # Application Identifier
    kdata = KDC_REQ|KDC_REP|KRB_ERROR
)

Methods defined here:
---------------------

__bool__(self)
    Truth value testing for the built-in operation bool()

__init__(self, pktt, proto)
    Constructor

    Initialize object's private data.
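
Added example, not NFStest code: a minimal stand-alone DER reader showing how the application identifier, pvno and msg-type are recovered from the start of a Kerberos message, including the KDC-REQ case where the first tag is [1] rather than [0]. The function names and the two byte strings are constructed for this illustration; AS-REQ is taken to be [APPLICATION 10] KDC-REQ as in RFC 4120.

```python
def read_tlv(buf, pos=0):
    """Parse one DER TLV; return (class, constructed, tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    ident, length = buf[pos], buf[pos + 1]
    pos += 2
    if ident & 0x1F == 0x1F:
        raise ValueError("multi-byte tag numbers are not handled here")
    if length == 0x80:
        raise ValueError("indefinite length is not valid DER")
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n > 4 or pos + n > len(buf):
            raise ValueError("bad long-form length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):            # never trust the declared length
        raise ValueError("declared length runs past the end of the buffer")
    return ident >> 6, bool(ident & 0x20), ident & 0x1F, buf[pos:pos + length], pos + length

def krb5_header(msg):
    """Return (appid, pvno, msg_type) from the start of a Kerberos message."""
    cls, cons, appid, body, _ = read_tlv(msg)
    if cls != 1 or not cons:               # class 1 = APPLICATION
        raise ValueError("not an [APPLICATION n] message")
    cls, cons, tag, seq, _ = read_tlv(body)
    if (cls, cons, tag) != (0, True, 16):  # universal, constructed, SEQUENCE
        raise ValueError("expected SEQUENCE")
    fields, pos = {}, 0
    while pos < len(seq) and len(fields) < 2:
        cls, cons, num, val, pos = read_tlv(seq, pos)
        if cls != 2 or not cons:           # class 2 = context-specific, explicit tagging
            raise ValueError("expected explicit context tag")
        icls, _, itag, ival, _ = read_tlv(val)
        if (icls, itag) != (0, 2):         # universal INTEGER
            raise ValueError("expected INTEGER")
        fields[num] = int.from_bytes(ival, "big", signed=True)
    if len(fields) < 2:
        raise ValueError("missing pvno or msg-type")
    # The first two tags are [1],[2] for KDC-REQ and [0],[1] for the other messages.
    pvno, msg_type = (fields[k] for k in sorted(fields))
    return appid, pvno, msg_type

# Constructed samples holding only the first two fields of each message.
AS_REQ = bytes.fromhex("6a0c300aa103020105a20302010a")   # [APPLICATION 10] KDC-REQ
AP_REQ = bytes.fromhex("6e0c300aa003020105a10302010e")   # [APPLICATION 14]
```

Every declared length is checked against the remaining buffer before slicing, so a truncated or malformed capture raises ValueError instead of yielding a short or misaligned field.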
KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
    pvno       [0]  INTEGER (5),
    msg-type   [1]  INTEGER (30),
    ctime      [2]  KerberosTime OPTIONAL,
    cusec      [3]  Microseconds OPTIONAL,
    stime      [4]  KerberosTime,
    susec      [5]  Microseconds,
    error-code [6]  Int32,
    crealm     [7]  Realm OPTIONAL,
    cname      [8]  PrincipalName OPTIONAL,
    realm      [9]  Realm -- service realm --,
    sname      [10] PrincipalName -- service name --,
    e-text     [11] KerberosString OPTIONAL,
    e-data     [12] OCTET STRING OPTIONAL
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
KrbFastArmor ::= SEQUENCE {
    armor-type  [0] Int32,
        -- Type of the armor.
    armor-value [1] OCTET STRING,
        -- Value of the armor.
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
KrbFastArmoredRep ::= SEQUENCE {
    enc-fast-rep [0] EncryptedData, -- KrbFastResponse --
        -- The encryption key is the armor key in the request, and
        -- the key usage number is KEY_USAGE_FAST_REP.
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
KrbFastArmoredReq ::= SEQUENCE {
    armor        [0] KrbFastArmor OPTIONAL,
        -- Contains the armor that identifies the armor key.
        -- MUST be present in AS-REQ.
    req-checksum [1] Checksum,
        -- For AS, contains the checksum performed over the type
        -- KDC-REQ-BODY for the req-body field of the KDC-REQ
        -- structure;
        -- For TGS, contains the checksum performed over the type
        -- AP-REQ in the PA-TGS-REQ padata.
        -- The checksum key is the armor key, the checksum
        -- type is the required checksum type for the enctype of
        -- the armor key, and the key usage number is
        -- KEY_USAGE_FAST_REQ_CHKSUM.
    enc-fast-req [2] EncryptedData, -- KrbFastReq --
        -- The encryption key is the armor key, and the key usage
        -- number is KEY_USAGE_FAST_ENC.
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
PrincipalName ::= SEQUENCE {
    name-type   [0] Int32,
    name-string [1] SEQUENCE OF KerberosString
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
Ticket ::= [APPLICATION 1] SEQUENCE {
    tkt-vno  [0] INTEGER (5),
    realm    [1] Realm,
    sname    [2] PrincipalName,
    enc-part [3] EncryptedData -- EncTicketPart
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
enum krb5_addrtype
enum krb5_adtype
enum krb5_application
enum krb5_ctype
enum krb5_etype
enum krb5_fatype
enum krb5_patype
enum krb5_principal
enum krb5_status
PA-DATA ::= SEQUENCE {
    -- NOTE: first tag is [1], not [0]
    padata-type  [1] Int32,
    padata-value [2] OCTET STRING
}

Methods defined here:
---------------------

__init__(self, obj)
    Constructor

    Initialize object's private data according to the arguments given.
    Arguments can be given as positional, named arguments or a
    combination of both.
KerberosTime(stime, usec=None)
    Convert floating point time to a DateStr object,
    include the microseconds if given

Optional(obj, objtype)
    Get Optional item of the given object type

SequenceOf(obj, objtype)
    SEQUENCE OF: return list of the given object type
baseobj(3), packet.application.krb5_const(3), packet.derunpack(3), packet.utils(3)
No known bugs.
Jorge Mora (mora@netapp.com)
21 March 2023 | NFStest 3.2 |