|
From: | Alberto Fondi |
Subject: | Re: The nonce |
Date: | Wed, 25 Oct 2006 15:02:15 +0200 |
User-agent: | Mozilla Thunderbird 1.5.0.7 (Windows/20060909) |
Simon Josefsson ha scritto:
On Tue, 2006-10-24 at 16:19 +0200, Alberto Fondi wrote:Hi, my problem is the next one: when i use shishi username i get the following message for exemple request nonce (len=4) 0590673c reply nonce (len=3) 90673cAS exchange failed: Replay protection value (nonce) differ between request and reply.but there is another strange thing: there are times when i type the same command and i get the ticket?How could you explain this behaviour of shishi?Hi! Interesting error, it seems that for some reason the server responds with a short 3 octet nonce:s. This might indicate a protocol error in Shishi or in the KDC. Which KDC is this? Can you find a pattern in the nonces that fail? I.e., do they all start with '0'? To find out what nonce was used for commands that succeed, you can use 'shishi -d' and then 'shishi -v -v|grep nonce'. /Simon
Hi Simom,i have made different test with shishi as client and shishid ad KDC and with the same account and i report you the nounce couples (request, reply):
request nonce (len=4) 1fd69fea reply nonce (len=1) ea request nonce (len=4) 766e2dd0 reply nonce (len=1) d0 request nonce (len=4) 64e27ec2 reply nonce (len=1) c2 request nonce (len=4) 1551d4af reply nonce (len=1) af request nonce (len=4) 6625fc6d reply nonce (len=2) fc6d request nonce (len=4) 6cc4edc5 reply nonce (len=1) c5 request nonce (len=4) 6cf3b668 reply nonce (len=2) b668 request nonce (len=4) 37b72c09 reply nonce (len=3) b72c09 request nonce (len=4) 534f36d8 reply nonce (len=1) d8As you suggested me, and as you can see from these tests, it seems like the reply nonce is only the last part of the request nonce, but the lenght of this part is variable!.
Could it be a pointer offset error ? Alberto
[Prev in Thread] | Current Thread | [Next in Thread] |