errata logo graphic

Found 1 record.

Status: Verified (1)

RFC3182, "Identity Representation for RSVP", October 2001

Source of RFC: rap (ops)

Errata ID: 2958

Status: Verified
Type: Technical

Reported By: Marco Molteni
Date Reported: 2011-09-07
Verifier Name: ron bonica
Date Verified: 2011-09-09

Section 6.3 says:

6.3 Authentication (Router/PDP)

[..]

   2. Verify user credential

[..]

      -  Kerberos: Send the Kerberos ticket to the KDC to obtain the
         session key.  Using the session key authenticate the user.

It should say:

Kerberos: Extract the session key from the ticket. Use the session key to authenticate the user.

Notes:

The corrected text is only an example. The most important point is that Kerberos doesn't require the server to contact the KDC, all the information is already in the kerberos authenticator and ticket sent by the client.

See this email exchange from 2001 :-) http://psg.com/lists/rap/rap.2001/msg00269.html where the same issue is raised by Hannes Tschofenig and confirmed by one of the RFC authors, R. Hess.


Report New Errata