📄 k5.asn1
-- Excerpt from k5.asn1: Kerberos protocol version 5 types (see krb5-pvno
-- below). The module header and several referenced types (ETYPE-INFO-ENTRY,
-- PA-DATA, Ticket, EncryptedData, Checksum, krb5int32 and others) are defined
-- outside this excerpt.

-- List of ETYPE-INFO-ENTRY values. No SIZE constraint is given, so the type
-- itself also admits an empty list.
ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY

-- One encryption type plus an optional salt and optional s2kparams; s2kparams
-- is carried as uninterpreted octets at this layer.
-- NOTE(review): presumably these are key-derivation hints sent to the client;
-- if they can arrive unauthenticated, the client should enforce its own
-- minimum enctype policy rather than trust them. Confirm against the caller.
ETYPE-INFO2-ENTRY ::= SEQUENCE {
	etype[0]		ENCTYPE,
	salt[1]			KerberosString OPTIONAL,
	s2kparams[2]		OCTET STRING OPTIONAL
}

-- Non-empty list of ETYPE-INFO2-ENTRY (SIZE lower bound is 1).
ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY

-- List of PA-DATA elements; no SIZE constraint, so decoders need their own
-- element limit.
METHOD-DATA ::= SEQUENCE OF PA-DATA

-- A typed blob: an integer type code and an optional opaque value.
TypedData ::= SEQUENCE {
	data-type[0]		krb5int32,
	data-value[1]		OCTET STRING OPTIONAL
}

-- Non-empty list of TypedData.
TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF TypedData

-- Body shared by AS-REQ and TGS-REQ (it is the req-body member of KDC-REQ).
-- etype[8] and additional-tickets[11] are SEQUENCE OF with no SIZE bound.
KDC-REQ-BODY ::= SEQUENCE {
	kdc-options[0]		KDCOptions,
	cname[1]		PrincipalName OPTIONAL, -- Used only in AS-REQ
	realm[2]		Realm,	-- Server's realm
					-- Also client's in AS-REQ
	sname[3]		PrincipalName OPTIONAL,
	from[4]			KerberosTime OPTIONAL,
	till[5]			KerberosTime OPTIONAL,
	rtime[6]		KerberosTime OPTIONAL,
	nonce[7]		krb5int32,
	etype[8]		SEQUENCE OF ENCTYPE, -- EncryptionType,
					-- in preference order
	addresses[9]		HostAddresses OPTIONAL,
	enc-authorization-data[10] EncryptedData OPTIONAL,
					-- Encrypted AuthorizationData encoding
	additional-tickets[11]	SEQUENCE OF Ticket OPTIONAL
}

-- Common layout of AS-REQ and TGS-REQ. Context tags start at [1] here, while
-- KDC-REP starts at [0]. The structure has no Checksum member of its own.
-- NOTE(review): any integrity protection of req-body therefore has to come
-- from padata; confirm which padata the implementation requires.
KDC-REQ ::= SEQUENCE {
	pvno[1]			krb5int32,
	msg-type[2]		MESSAGE-TYPE,
	padata[3]		METHOD-DATA OPTIONAL,
	req-body[4]		KDC-REQ-BODY
}

-- Both request messages are KDC-REQ under different APPLICATION tags.
AS-REQ ::= [APPLICATION 10] KDC-REQ
TGS-REQ ::= [APPLICATION 12] KDC-REQ

-- padata-type  ::= PA-ENC-TIMESTAMP
-- padata-value ::= EncryptedData - PA-ENC-TS-ENC

-- Plaintext that is carried, as EncryptedData, in the PA-ENC-TIMESTAMP
-- padata value described above.
PA-ENC-TS-ENC ::= SEQUENCE {
	patimestamp[0]		KerberosTime, -- client's time
	pausec[1]		krb5int32 OPTIONAL
}

-- draft-brezak-win2k-krb-authz-01
PA-PAC-REQUEST ::= SEQUENCE {
	include-pac[0]		BOOLEAN -- Indicates whether a PAC
					-- should be included or not
}

-- PacketCable provisioning server location, PKT-SP-SEC-I09-030728.pdf
PROV-SRV-LOCATION ::= GeneralString

-- Common layout of AS-REP and TGS-REP. padata, crealm, cname and ticket are
-- members of the outer SEQUENCE, next to enc-part rather than inside it.
KDC-REP ::= SEQUENCE {
	pvno[0]			krb5int32,
	msg-type[1]		MESSAGE-TYPE,
	padata[2]		METHOD-DATA OPTIONAL,
	crealm[3]		Realm,
	cname[4]		PrincipalName,
	ticket[5]		Ticket,
	enc-part[6]		EncryptedData
}

-- Both reply messages are KDC-REP under different APPLICATION tags.
AS-REP ::= [APPLICATION 11] KDC-REP
TGS-REP ::= [APPLICATION 13] KDC-REP

-- Carries an EncryptionKey, a nonce, ticket flags and validity times.
-- NOTE(review): presumably this is the plaintext of KDC-REP.enc-part and the
-- nonce is compared with KDC-REQ-BODY.nonce; confirm against the callers.
EncKDCRepPart ::= SEQUENCE {
	key[0]			EncryptionKey,
	last-req[1]		LastReq,
	nonce[2]		krb5int32,
	key-expiration[3]	KerberosTime OPTIONAL,
	flags[4]		TicketFlags,
	authtime[5]		KerberosTime,
	starttime[6]		KerberosTime OPTIONAL,
	endtime[7]		KerberosTime,
	renew-till[8]		KerberosTime OPTIONAL,
	srealm[9]		Realm,
	sname[10]		PrincipalName,
	caddr[11]		HostAddresses OPTIONAL,
	encrypted-pa-data[12]	METHOD-DATA OPTIONAL
}

-- EncKDCRepPart under distinct APPLICATION tags for the AS and TGS variants.
EncASRepPart ::= [APPLICATION 25] EncKDCRepPart
EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart

-- Application request: options, a Ticket and an encrypted authenticator.
AP-REQ ::= [APPLICATION 14] SEQUENCE {
	pvno[0]			krb5int32,
	msg-type[1]		MESSAGE-TYPE,
	ap-options[2]		APOptions,
	ticket[3]		Ticket,
	authenticator[4]	EncryptedData
}

-- Application reply: everything beyond pvno and msg-type is in enc-part.
AP-REP ::= [APPLICATION 15] SEQUENCE {
	pvno[0]			krb5int32,
	msg-type[1]		MESSAGE-TYPE,
	enc-part[2]		EncryptedData
}

-- Time stamp pair with an optional subkey and optional sequence number.
-- NOTE(review): presumably the plaintext of AP-REP.enc-part; confirm.
EncAPRepPart ::= [APPLICATION 27] SEQUENCE {
	ctime[0]		KerberosTime,
	cusec[1]		krb5int32,
	subkey[2]		EncryptionKey OPTIONAL,
	seq-number[3]		krb5uint32 OPTIONAL
}

-- Payload of KRB-SAFE. user-data is a plain OCTET STRING, not EncryptedData.
-- timestamp, usec and seq-number are all OPTIONAL, so the type alone does not
-- force any replay-detection field to be present; receivers must check.
KRB-SAFE-BODY ::= SEQUENCE {
	user-data[0]		OCTET STRING,
	timestamp[1]		KerberosTime OPTIONAL,
	usec[2]			krb5int32 OPTIONAL,
	seq-number[3]		krb5uint32 OPTIONAL,
	s-address[4]		HostAddress OPTIONAL,
	r-address[5]		HostAddress OPTIONAL
}

-- KRB-SAFE-BODY accompanied by a Checksum.
-- NOTE(review): presumably cksum is computed over safe-body; confirm.
KRB-SAFE ::= [APPLICATION 20] SEQUENCE {
	pvno[0]			krb5int32,
	msg-type[1]		MESSAGE-TYPE,
	safe-body[2]		KRB-SAFE-BODY,
	cksum[3]		Checksum
}

-- Note the tag numbering: there is no [2] member, enc-part is tagged [3].
KRB-PRIV ::= [APPLICATION 21] SEQUENCE {
	pvno[0]			krb5int32,
	msg-type[1]		MESSAGE-TYPE,
	enc-part[3]		EncryptedData
}

-- Same members as KRB-SAFE-BODY under an APPLICATION tag. As there, the
-- timestamp, usec and seq-number members are all OPTIONAL.
-- NOTE(review): presumably the plaintext of KRB-PRIV.enc-part; confirm.
EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE {
	user-data[0]		OCTET STRING,
	timestamp[1]		KerberosTime OPTIONAL,
	usec[2]			krb5int32 OPTIONAL,
	seq-number[3]		krb5uint32 OPTIONAL,
	s-address[4]		HostAddress OPTIONAL, -- sender's addr
	r-address[5]		HostAddress OPTIONAL -- recip's addr
}

-- Credential forwarding message: a list of Tickets (no SIZE bound) plus an
-- encrypted part.
KRB-CRED ::= [APPLICATION 22] SEQUENCE {
	pvno[0]			krb5int32,
	msg-type[1]		MESSAGE-TYPE, -- KRB_CRED
	tickets[2]		SEQUENCE OF Ticket,
	enc-part[3]		EncryptedData
}

-- Per-ticket information. key[0] is the only mandatory member, so every
-- instance carries key material and needs to be handled as a secret.
KrbCredInfo ::= SEQUENCE {
	key[0]			EncryptionKey,
	prealm[1]		Realm OPTIONAL,
	pname[2]		PrincipalName OPTIONAL,
	flags[3]		TicketFlags OPTIONAL,
	authtime[4]		KerberosTime OPTIONAL,
	starttime[5]		KerberosTime OPTIONAL,
	endtime[6]		KerberosTime OPTIONAL,
	renew-till[7]		KerberosTime OPTIONAL,
	srealm[8]		Realm OPTIONAL,
	sname[9]		PrincipalName OPTIONAL,
	caddr[10]		HostAddresses OPTIONAL
}

-- List of KrbCredInfo with optional nonce, time stamp and addresses. Every
-- member other than ticket-info is OPTIONAL.
-- NOTE(review): presumably the plaintext of KRB-CRED.enc-part; confirm.
EncKrbCredPart ::= [APPLICATION 29] SEQUENCE {
	ticket-info[0]		SEQUENCE OF KrbCredInfo,
	nonce[1]		krb5int32 OPTIONAL,
	timestamp[2]		KerberosTime OPTIONAL,
	usec[3]			krb5int32 OPTIONAL,
	s-address[4]		HostAddress OPTIONAL,
	r-address[5]		HostAddress OPTIONAL
}

-- Error message. As defined here it has no Checksum and no EncryptedData
-- member, so error-code, e-text and e-data carry no protection of their own.
-- NOTE(review): treat them as unauthenticated input unless the contents of
-- e-data provide their own integrity check; confirm against the consumer.
KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
	pvno[0]			krb5int32,
	msg-type[1]		MESSAGE-TYPE,
	ctime[2]		KerberosTime OPTIONAL,
	cusec[3]		krb5int32 OPTIONAL,
	stime[4]		KerberosTime,
	susec[5]		krb5int32,
	error-code[6]		krb5int32,
	crealm[7]		Realm OPTIONAL,
	cname[8]		PrincipalName OPTIONAL,
	realm[9]		Realm, -- Correct realm
	sname[10]		PrincipalName, -- Correct name
	e-text[11]		GeneralString OPTIONAL,
	e-data[12]		OCTET STRING OPTIONAL
}

-- Password change payload. newpasswd is a raw OCTET STRING with no protection
-- in this type.
-- NOTE(review): confidentiality has to come from the enclosing message;
-- confirm that it is only ever sent inside an encrypted part.
ChangePasswdDataMS ::= SEQUENCE {
	newpasswd[0]		OCTET STRING,
	targname[1]		PrincipalName OPTIONAL,
	targrealm[2]		Realm OPTIONAL
}

EtypeList ::= SEQUENCE OF krb5int32
	-- the client's proposed enctype list in
	-- decreasing preference order, favorite choice first

krb5-pvno krb5int32 ::= 5 -- current Kerberos protocol version number

-- transited encodings

DOMAIN-X500-COMPRESS krb5int32 ::= 1

-- authorization data primitives

-- Plain alias of AuthorizationData.
AD-IF-RELEVANT ::= AuthorizationData

-- AuthorizationData elements accompanied by a Checksum and an optional
-- issuer realm and name.
-- NOTE(review): presumably ad-checksum covers elements; confirm the key and
-- the verification step in the consumer.
AD-KDCIssued ::= SEQUENCE {
	ad-checksum[0]		Checksum,
	i-realm[1]		Realm OPTIONAL,
	i-sname[2]		PrincipalName OPTIONAL,
	elements[3]		AuthorizationData
}

-- condition-count is an unconstrained INTEGER; consumers should range-check
-- it (for example against the number of elements) before using it.
AD-AND-OR ::= SEQUENCE {
	condition-count[0]	INTEGER,
	elements[1]		AuthorizationData
}

-- Plain alias of AuthorizationData.
AD-MANDATORY-FOR-KDC ::= AuthorizationData

-- PA-SAM-RESPONSE-2/PA-SAM-RESPONSE-2
-- (the heading above names PA-SAM-RESPONSE-2 twice; the definitions that
-- follow cover both PA-SAM-CHALLENGE-2 and PA-SAM-RESPONSE-2)

PA-SAM-TYPE ::= INTEGER {
	PA_SAM_TYPE_ENIGMA(1),		-- Enigma Logic
	PA_SAM_TYPE_DIGI_PATH(2),	-- Digital Pathways
	PA_SAM_TYPE_SKEY_K0(3),		-- S/key where KDC has key 0
	PA_SAM_TYPE_SKEY(4),		-- Traditional S/Key
	PA_SAM_TYPE_SECURID(5),		-- Security Dynamics
	PA_SAM_TYPE_CRYPTOCARD(6)	-- CRYPTOCard
}

-- Alias of HostAddresses.
PA-SAM-REDIRECT ::= HostAddresses

-- Named bits 0 to 2 of the SAM flags BIT STRING.
SAMFlags ::= BIT STRING {
	use-sad-as-key(0),
	send-encrypted-sad(1),
	must-pk-encrypt-sad(2)
}

-- Challenge body. sam-type is a krb5int32 here, not the PA-SAM-TYPE
-- enumeration above, so the type does not restrict it to the named values.
-- The trailing extension marker allows additional members.
PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE {
	sam-type[0]		krb5int32,
	sam-flags[1]		SAMFlags,
	sam-type-name[2]	GeneralString OPTIONAL,
	sam-track-id[3]		GeneralString OPTIONAL,
	sam-challenge-label[4]	GeneralString OPTIONAL,
	sam-challenge[5]	GeneralString OPTIONAL,
	sam-response-prompt[6]	GeneralString OPTIONAL,
	sam-pk-for-sad[7]	EncryptionKey OPTIONAL,
	sam-nonce[8]		krb5int32,
	sam-etype[9]		krb5int32,
	...
}

-- Challenge body plus a list of Checksums. The (1..MAX) bound on sam-cksum is
-- only stated in a comment, not as a SIZE constraint, so a decoder generated
-- from this definition accepts an empty list; receivers must reject it
-- themselves if at least one checksum is required.
PA-SAM-CHALLENGE-2 ::= SEQUENCE {
	sam-body[0]		PA-SAM-CHALLENGE-2-BODY,
	sam-cksum[1]		SEQUENCE OF Checksum, -- (1..MAX)
	...
}

-- Response to a SAM challenge; sam-nonce appears here in the clear and again
-- inside PA-ENC-SAM-RESPONSE-ENC.
PA-SAM-RESPONSE-2 ::= SEQUENCE {
	sam-type[0]		krb5int32,
	sam-flags[1]		SAMFlags,
	sam-track-id[2]		GeneralString OPTIONAL,
	sam-enc-nonce-or-sad[3]	EncryptedData, -- PA-ENC-SAM-RESPONSE-ENC
	sam-nonce[4]		krb5int32,
	...
}

-- Content type named for PA-SAM-RESPONSE-2.sam-enc-nonce-or-sad.
PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE {
	sam-nonce[0]		krb5int32,
	sam-sad[1]		GeneralString OPTIONAL,
	...
}

-- Names a principal and realm together with a Checksum and an auth string.
-- NOTE(review): presumably cksum binds name, realm and auth; confirm what the
-- verifier actually covers.
PA-S4U2Self ::= SEQUENCE {
	name[0]		PrincipalName,
	realm[1]	Realm,
	cksum[2]	Checksum,
	auth[3]		GeneralString
}

-- List of Principal values; no SIZE constraint.
KRB5SignedPathPrincipals ::= SEQUENCE OF Principal

-- never encoded on the wire, just used to checksum over
KRB5SignedPathData ::= SEQUENCE {
	encticket[0]	EncTicketPart,
	delegated[1]	KRB5SignedPathPrincipals OPTIONAL
}

KRB5SignedPath ::= SEQUENCE {
	-- checksum over the DER-encoded KRB5SignedPathData
	-- krbtgt key (etype), KeyUsage = XXX
	-- (the key usage number is left as a placeholder in this file)
	etype[0]	ENCTYPE,
	cksum[1]	Checksum,
	-- services delegated through
	delegated[2]	KRB5SignedPathPrincipals OPTIONAL
}

-- Pair of the name the client asked for and the name actually used.
PA-ClientCanonicalizedNames ::= SEQUENCE{
	requested-name	[0] PrincipalName,
	real-name	[1] PrincipalName
}

-- The name pair accompanied by a Checksum.
-- NOTE(review): presumably canon-checksum covers names; confirm.
PA-ClientCanonicalized ::= SEQUENCE {
	names		[0] PA-ClientCanonicalizedNames,
	canon-checksum	[1] Checksum
}

AD-LoginAlias ::= SEQUENCE { -- ad-type number TBD --
	login-alias	[0] PrincipalName,
	checksum	[1] Checksum
}

-- old ms referral
-- Note the tag numbering: the optional referred-name is tagged [1] and is
-- listed before referred-realm, which is tagged [0].
PA-SvrReferralData ::= SEQUENCE {
	referred-name	[1] PrincipalName OPTIONAL,
	referred-realm	[0] Realm
}

END

-- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1