1KRB5(3) krb5 1.0 KRB5(3)
2
6 packet.application.krb5 - KRB5 module
7
9 Decode KRB5 layer Decoding using ASN.1 DER (Distinguished Encoding Rep‐
10 resentation)
11 RFC 4120 The Kerberos Network Authentication Service (V5) RFC 6113 A
13 Generalized Framework for Kerberos Pre-Authentication
14
16 class APOptions(packet.utils.OptionFlags)
17 AP Option flags
18 class AP_REP(baseobj.BaseObj)
21 AP-REP ::= [APPLICATION 15] SEQUENCE {
22 pvno [0] INTEGER (5),
23 msg-type [1] INTEGER (15),
24 enc-part [2] EncryptedData -- EncAPRepPart
25 }
26 Methods defined here:
29 ---------------------
30 __init__(self, obj)
32 class AP_REQ(baseobj.BaseObj)
34 AP-REQ ::= [APPLICATION 14] SEQUENCE {
35 pvno [0] INTEGER (5),
36 msg-type [1] INTEGER (14),
37 options [2] APOptions,
38 ticket [3] Ticket,
39 authenticator [4] EncryptedData -- Authenticator
40 }
41 Methods defined here:
44 ---------------------
45 __init__(self, obj)
47 class Checksum(baseobj.BaseObj)
49 Checksum ::= SEQUENCE {
50 cksumtype [0] Int32,
51 checksum [1] OCTET STRING
52 }
53 Methods defined here:
56 ---------------------
57 __init__(self, obj)
59 class EncryptedData(baseobj.BaseObj)
61 EncryptedData ::= SEQUENCE {
62 etype [0] Int32 -- EncryptionType --,
63 kvno [1] UInt32 OPTIONAL,
64 cipher [2] OCTET STRING -- ciphertext
65 }
66 Methods defined here:
69 ---------------------
70 __init__(self, obj)
72 class EtypeInfo2Entry(baseobj.BaseObj)
74 ETYPE-INFO2-ENTRY ::= SEQUENCE {
75 etype [0] Int32,
76 salt [1] KerberosString OPTIONAL,
77 s2kparams [2] OCTET STRING OPTIONAL
78 }
79 Methods defined here:
82 ---------------------
83 __init__(self, obj)
85 class HostAddress(baseobj.BaseObj)
87 HostAddress ::= SEQUENCE {
88 addr-type [0] Int32,
89 address [1] OCTET STRING
90 }
91 Methods defined here:
94 ---------------------
95 __init__(self, obj)
97 class KDCOptions(packet.utils.OptionFlags)
99 KDC Option flags
100 class KDC_REP(baseobj.BaseObj)
103 KDC-REP ::= SEQUENCE {
104 pvno [0] INTEGER (5),
105 msg-type [1] INTEGER (11 -- AS -- | 13 -- TGS --),
106 padata [2] SEQUENCE OF PA-DATA OPTIONAL
107 -- NOTE: not empty --,
108 crealm [3] Realm,
109 cname [4] PrincipalName,
110 ticket [5] Ticket,
111 enc-part [6] EncryptedData
112 -- EncASRepPart or EncTGSRepPart,
113 -- as appropriate
114 }
115 Methods defined here:
118 ---------------------
119 __init__(self, obj)
121 class KDC_REQ(baseobj.BaseObj)
123 KDC-REQ ::= SEQUENCE {
124 -- NOTE: first tag is [1], not [0]
125 pvno [1] INTEGER (5) ,
126 msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --),
127 padata [3] SEQUENCE OF PA-DATA OPTIONAL
128 -- NOTE: not empty --,
129 req-body [4] KDC-REQ-BODY
130 }
131 Methods defined here:
134 ---------------------
135 __init__(self, obj)
137 class KDC_REQ_BODY(baseobj.BaseObj)
139 KDC-REQ-BODY ::= SEQUENCE {
140 options [0] KDCOptions,
141 cname [1] PrincipalName OPTIONAL
142 -- Used only in AS-REQ --,
143 realm [2] Realm
144 -- Server's realm
145 -- Also client's in AS-REQ --,
146 sname [3] PrincipalName OPTIONAL,
147 from [4] KerberosTime OPTIONAL,
148 till [5] KerberosTime,
149 rtime [6] KerberosTime OPTIONAL,
150 nonce [7] UInt32,
151 etype [8] SEQUENCE OF Int32 -- EncryptionType
152 -- in preference order --,
153 addresses [9] HostAddresses OPTIONAL,
154 enc-authorization-data [10] EncryptedData OPTIONAL
155 -- AuthorizationData --,
156 additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
157 -- NOTE: not empty
158 }
159 Methods defined here:
162 ---------------------
163 __init__(self, obj)
165 class KRB5(baseobj.BaseObj)
167 KRB5 object
168 Usage:
170 from packet.application.krb5 import KRB5
171 # Decode KRB5 layer
173 x = KRB5(pktt, proto)
174 Object definition:
176 KRB5(
178 appid = int, # Application Identifier
179 kdata = KDC_REQ|KDC_REP|KRB_ERROR
180 }
181 Methods defined here:
184 ---------------------
185 __init__(self, pktt, proto)
187 Constructor
188 Initialize object's private data.
190 pktt: Packet trace object (packet.pktt.Pktt) so this layer has
193 access to the parent layers.
194 proto: Transport layer protocol.
196 __nonzero__(self)
198 Truth value testing for the built-in operation bool()
199 class KRB_ERROR(baseobj.BaseObj)
201 KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
202 pvno [0] INTEGER (5),
203 msg-type [1] INTEGER (30),
204 ctime [2] KerberosTime OPTIONAL,
205 cusec [3] Microseconds OPTIONAL,
206 stime [4] KerberosTime,
207 susec [5] Microseconds,
208 error-code [6] Int32,
209 crealm [7] Realm OPTIONAL,
210 cname [8] PrincipalName OPTIONAL,
211 realm [9] Realm -- service realm --,
212 sname [10] PrincipalName -- service name --,
213 e-text [11] KerberosString OPTIONAL,
214 e-data [12] OCTET STRING OPTIONAL
215 }
216 Methods defined here:
219 ---------------------
220 __init__(self, obj)
222 class KrbFastArmor(baseobj.BaseObj)
224 KrbFastArmor ::= SEQUENCE {
225 armor-type [0] Int32,
226 -- Type of the armor.
227 armor-value [1] OCTET STRING,
228 -- Value of the armor.
229 }
230 Methods defined here:
233 ---------------------
234 __init__(self, obj)
236 class KrbFastArmoredRep(baseobj.BaseObj)
238 KrbFastArmoredRep ::= SEQUENCE {
239 enc-fast-rep [0] EncryptedData, -- KrbFastResponse --
240 -- The encryption key is the armor key in the request, and
241 -- the key usage number is KEY_USAGE_FAST_REP.
242 }
243 Methods defined here:
246 ---------------------
247 __init__(self, obj)
249 class KrbFastArmoredReq(baseobj.BaseObj)
251 KrbFastArmoredReq ::= SEQUENCE {
252 armor [0] KrbFastArmor OPTIONAL,
253 -- Contains the armor that identifies the armor key.
254 -- MUST be present in AS-REQ.
255 req-checksum [1] Checksum,
256 -- For AS, contains the checksum performed over the type
257 -- KDC-REQ-BODY for the req-body field of the KDC-REQ
258 -- structure;
259 -- For TGS, contains the checksum performed over the type
260 -- AP-REQ in the PA-TGS-REQ padata.
261 -- The checksum key is the armor key, the checksum
262 -- type is the required checksum type for the enctype of
263 -- the armor key, and the key usage number is
264 -- KEY_USAGE_FAST_REQ_CHKSUM.
265 enc-fast-req [2] EncryptedData, -- KrbFastReq --
266 -- The encryption key is the armor key, and the key usage
267 -- number is KEY_USAGE_FAST_ENC.
268 }
269 Methods defined here:
272 ---------------------
273 __init__(self, obj)
275 class PrincipalName(baseobj.BaseObj)
277 PrincipalName ::= SEQUENCE {
278 name-type [0] Int32,
279 name-string [1] SEQUENCE OF KerberosString
280 }
281 Methods defined here:
284 ---------------------
285 __init__(self, obj)
287 class Ticket(baseobj.BaseObj)
289 Ticket ::= [APPLICATION 1] SEQUENCE {
290 tkt-vno [0] INTEGER (5),
291 realm [1] Realm,
292 sname [2] PrincipalName,
293 enc-part [3] EncryptedData -- EncTicketPart
294 }
295 Methods defined here:
298 ---------------------
299 __init__(self, obj)
301 class krb5_addrtype(packet.utils.Enum)
303 enum krb5_addrtype
304 class krb5_adtype(packet.utils.Enum)
307 enum krb5_adtype
308 class krb5_application(packet.utils.Enum)
311 enum krb5_application
312 class krb5_ctype(packet.utils.Enum)
315 enum krb5_ctype
316 class krb5_etype(packet.utils.Enum)
319 enum krb5_etype
320 class krb5_fatype(packet.utils.Enum)
323 enum krb5_fatype
324 class krb5_patype(packet.utils.Enum)
327 enum krb5_patype
328 class krb5_principal(packet.utils.Enum)
331 enum krb5_principal
332 class krb5_status(packet.utils.Enum)
335 enum krb5_status
336 class paData(baseobj.BaseObj)
339 PA-DATA ::= SEQUENCE {
340 -- NOTE: first tag is [1], not [0]
341 padata-type [1] Int32,
342 padata-value [2] OCTET STRING
343 }
344 Methods defined here:
347 ---------------------
348 __init__(self, obj)
350
352 KerberosTime(stime, usec=None)
353 Convert floating point time to a DateStr object, include the microsec‐
354 onds if given
355 Optional(obj, objtype)
357 Get Optional item of the given object type
358 SequenceOf(obj, objtype)
360 SEQUENCE OF: return list of the given object type
361
363 baseobj(3), packet.derunpack(3), packet.utils(3)
364
367 No known bugs.
368
370 Jorge Mora (mora@netapp.com)
371NFStest 2.1.5 14 February 2017 KRB5(3)