Lines Matching +full:inside +full:- +full:secure
6 <meta charset="utf-8" />
7 …<meta name="viewport" content="width=device-width, initial-scale=1.0" /><meta name="generator" con…
13 …<script data-url_root="../" id="documentation_options" src="../_static/documentation_options.js"><…
24 <div class="header-wrapper">
42 <a href="mailto:krb5-bugs@mit.edu?subject=Documentation__KDC cookie format">feedback</a>
47 <div class="content-wrapper">
55 <section id="kdc-cookie-format">
56 <h1>KDC cookie format<a class="headerlink" href="#kdc-cookie-format" title="Permalink to this headl…
57 …-0"></span><a class="rfc reference external" href="https://tools.ietf.org/html/rfc6113.html"><stro…
59 pre-authentication. The MIT krb5 KDC uses the following formats for
61 <section id="trivial-cookie-version-0">
62 <h2>Trivial cookie (version 0)<a class="headerlink" href="#trivial-cookie-version-0" title="Permali…
63 <p>If there is no pre-authentication mechanism state information to save,
67 <section id="secure-cookie-version-1">
68 <h2>Secure cookie (version 1)<a class="headerlink" href="#secure-cookie-version-1" title="Permalink…
69 <p>In release 1.14 and later, a secure cookie can be sent if there is any
70 mechanism state to save for the next request. A secure cookie
74 <li><p>a four-byte big-endian kvno value</p></li>
75 <li><p>an <span class="target" id="index-1"></span><a class="rfc reference external" href="https://…
83 …-default notranslate"><div class="highlight"><pre><span></span><span class="n">cookie</span><span …
86 …-to-key</strong> is the <span class="target" id="index-2"></span><a class="rfc reference external"…
87 …ion type, <strong>PRF+</strong> is defined in <span class="target" id="index-3"></span><a class="r…
88 …nslate"><span class="pre">|</span></code> denotes concatenation. <em>client-princ</em> is the req…
89 principal name with realm, marshalled according to <span class="target" id="index-4"></span><a clas…
93 <div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="n"…
95 …E</span> <span class="n">OF</span> <span class="n">PA</span><span class="o">-</span><span class="n…
103 each pre-authentication type which requires saved state. For
106 relevant to a request by comparing the request pa-data types to the
109 <section id="spake-cookie-format-version-1">
110 <h2>SPAKE cookie format (version 1)<a class="headerlink" href="#spake-cookie-format-version-1" titl…
111 <p>Inside the SecureCookie wrapper, a data value of type 151 contains
112 state for SPAKE pre-authentication. This data is the concatenation of
115 <li><p>a two-byte big-endian version number with the value 1</p></li>
116 <li><p>a two-byte big-endian stage number</p></li>
117 <li><p>a four-byte big-endian group number</p></li>
118 <li><p>a four-byte big-endian length and data for the SPAKE value</p></li>
119 <li><p>a four-byte big-endian length and data for the transcript hash</p></li>
121 - a four-byte big-endian second-factor type
122 - a four-byte big-endian length and data</p></li>
128 <p>For a stage-0 cookie, the SPAKE value is the KDC private key,
132 <p>For a stage-0 cookie, the transcript hash is the intermediate hash
135 <p>For a stage-0 cookie, there may be any number of second-factor
136 records, including none; a second-factor type need not create a state
137 field if it does not need one, and no record is created for SF-NONE.
138 For other cookies, there must be exactly one second-factor record
199 <div class="footer-wrapper">
202 © <a href="../copyright.html">Copyright</a> 1985-2024, MIT.