On 12/28/2017 02:18 AM, William HARDY wrote: > What is supposed to be in the TGS-REQ > (Kerberos->tgs-req->req-body->sname->name-string->KerberosString: ? )
sname contains the server principal name. RFC 4120 describes the protocol in detail. > It seems that from the same machine (resolving on the same DNS servers), the > contents of this field differs in a Wireshark capture depending on the > application used event though the destination server is the same. What is > supposed to be in “KerberosString” field ? What determines the content of > this field ? It is common for server principal names to have two components (two KerberosStrings in the name-string sequence), where the first names the application protocol and the second names the server host. So the first component might be "host" (typically for ssh) or "ldap" or "HTTP", and the second is the FQDN of the server host. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
