[prev in list] [next in list] [prev in thread] [next in thread]
List: kerberos
Subject: Re: UDP and fragmentation
From: Nicolas Williams <Nicolas.Williams () oracle ! com>
Date: 2010-09-15 16:20:46
Message-ID: 20100915162046.GQ3982 () oracle ! com
[Download RAW message or body]
On Tue, Sep 14, 2010 at 04:45:25AM +0000, Victor Sudakov wrote:
> Greg Hudson wrote:
> > > BTW what can make Kerberos packets so big? Microsoft says: "Depending
> > > on a variety of factors including security identifier (SID) history
> > > and group membership, some accounts will have larger Kerberos
> > > authentication packet sizes." What's there inside? Long principal
> > > names? Long keys?
>
> > An Active Directory KDC will include authorization data within a
> > Kerberos ticket which includes the set of groups you are a member of.
> > If that's a lot of groups, then your ticket will be large.
>
> It is very interesting. Where is room in a Kerberos ticket for
> such data?
In the authorization-data field [of EncTicketPart]. See RFC4120.
Nico
--
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic