Ethereal-dev: [Ethereal-dev] RE: patch to dissect kpasswd over tcp

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Eric Wedel" <ewedel@xxxxxxxxxxx>
Date: Thu, 22 Dec 2005 21:04:12 -0800
> checked in

Thanks!

> i assume you run it over tcp?

Yeah, our QA guys love to test using giganto PACs,
which forces kerb / kpasswd to TCP.

> maybe you can ... upload your example capture

Added to http://wiki.ethereal.com/SampleCaptures, under
your existing kerberos section.  :-)

This is a bit silly, but I got lost trying to figure out
how to add a protocol page.  It appears that both
Protocols/kpasswd and kpasswd should be created, with the
former being a redirect to the latter?  If there's a page
in there that describes how to add a protocol, I didn't
find it.

> did you check that kpasswd decryption still works over tcp

If you mean ethereal, I've never tried turning on kerb
decryption in ethereal.

Hmm, not quite sure how to test that -- would need to get the
keytab of the system which the AP-REQ is aimed at, and that's
an AD DC in our case (win2k or win2k3).  Any idea how to derive
a keytab for an AD DC?

regards, Eric

-----Original Message-----
From: ronnie sahlberg [mailto:ronniesahlberg@xxxxxxxxx]
Sent: Thursday, December 22, 2005 7:46 PM
To: Ethereal development
Cc: Eric Wedel
Subject: Re: patch to dissect kpasswd over tcp


checked in


nice. i have never seen kpasswd over anything else than udp myself
before but i assume you run it over tcp?

anyway, nice.
maybe you can add a small kpasswd page to the wiki and upload your
example capture to that page?

(did you check that kpasswd decryption still works over tcp? it
should work but it wouldn't hurt to test)


best regards
ronnie s


On 12/23/05, Eric Wedel <ewedel@xxxxxxxxxxx> wrote:
> Hi..
>
> RFC 3244 says kpasswd can use UDP or TCP, the dissector was only doing UDP.
> The attached patch adds TCP support, including PDU reassembly.  The
> reassembly code is modelled on the kerberos dissector, and in fact TCP
> "record mark" handling is shared between the two dissectors.
>
> Comments and/or checkin appreciated.
>
> A sample capture showing kpasswd-over-TCP is also attached.
>
> thanks,
> Eric Wedel
>
>
>
> Eric, BlueArc Engineering