KDC cookie format
RFC 6113 section 5.2 specifies a pa-data type PA-FX-COOKIE, which clients are required to reflect back to the KDC during pre-authentication. The MIT krb5 KDC uses the following formats for cookies.
Trivial cookie (version 0)
If there is no pre-authentication mechanism state information to save, a trivial cookie containing the value “MIT” is used. A trivial cookie is needed to indicate that the conversation can continue.
Secure cookie (version 1)
In release 1.14 and later, a secure cookie can be sent if there is any mechanism state to save for the next request. A secure cookie contains the concatenation of the following:
- the four bytes “MIT1”
- a four-byte big-endian kvno value
- an RFC 3961 ciphertext
The ciphertext is encrypted in the cookie key with key usage number 513. The cookie key is derived from a key in the local krbtgt principal entry for the realm (e.g. krbtgt/KRBTEST.COM@KRBTEST.COM if the request is to the KRBTEST.COM realm). The first krbtgt key for the indicated kvno value is combined with the client principal as follows:
cookie-key <- random-to-key(PRF+(tgt-key, "COOKIE" | client-princ))
where random-to-key is the RFC 3961 random-to-key operation for the krbtgt key’s encryption type, PRF+ is defined in RFC 6113, and | denotes concatenation. client-princ is the request client principal name with realm, marshalled according to RFC 1964 section 2.1.1.
The plain text of the encrypted part of a cookie is the DER encoding of the following ASN.1 type:
SecureCookie ::= SEQUENCE {
    time INTEGER,
    data SEQUENCE OF PA-DATA,
    ...
}
The time field represents the cookie creation time; for brevity, it is encoded as an integer giving the POSIX timestamp rather than as an ASN.1 GeneralizedTime value. The data field contains one element for each pre-authentication type which requires saved state. For mechanisms which have separate request and reply types, the request type is used; this allows the KDC to determine whether a cookie is relevant to a request by comparing the request pa-data types to the cookie data types.
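The following Python is an added example, not code from the MIT krb5 sources. It implements the outer cookie framing described above (the trivial "MIT" cookie, and "MIT1" followed by a big-endian kvno and ciphertext), the DER encoding and decoding of the SecureCookie plaintext, and the relevance check that compares request pa-data types against the types saved in the cookie. The PA-DATA layout (SEQUENCE of padata-type [1] Int32 and padata-value [2] OCTET STRING) is taken from RFC 4120. It does not implement the RFC 3961 encryption or the PRF+ key derivation; the ciphertext is treated as an opaque byte string supplied by the caller, and the sample values below are constructed for illustration.

```python
"""Framing and DER plaintext handling for MIT krb5 KDC cookies.

Added example, not MIT krb5 code. Encryption of the SecureCookie plaintext
(RFC 3961, key usage 513) is out of scope: the ciphertext argument is an
opaque placeholder here, so this covers only the wire framing and DER.
"""
import struct

TRIVIAL_COOKIE = b"MIT"   # version 0: nothing to save, conversation continues
SECURE_MAGIC = b"MIT1"    # version 1 prefix, followed by kvno and ciphertext


# --- minimal DER helpers (only what SecureCookie needs) ---------------------

def _der_len(n: int) -> bytes:
    """DER length octets: short form below 0x80, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw


def _tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def _der_int_body(v: int) -> bytes:
    """Minimal two's-complement contents octets for a non-negative INTEGER."""
    if v < 0:
        raise ValueError("negative values not needed for cookie fields")
    return v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True)


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, contents, position after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def _expect(tag: int, want: int) -> None:
    if tag != want:
        raise ValueError(f"unexpected DER tag {tag:#x}, wanted {want:#x}")


# --- SecureCookie plaintext -------------------------------------------------

def encode_pa_data(patype: int, value: bytes) -> bytes:
    """PA-DATA ::= SEQUENCE { padata-type [1] Int32, padata-value [2] OCTET STRING }"""
    return _tlv(0x30, _tlv(0xA1, _tlv(0x02, _der_int_body(patype)))
                + _tlv(0xA2, _tlv(0x04, value)))


def encode_secure_cookie(ctime: int, padata) -> bytes:
    """SecureCookie ::= SEQUENCE { time INTEGER, data SEQUENCE OF PA-DATA }"""
    seq = b"".join(encode_pa_data(t, v) for t, v in padata)
    return _tlv(0x30, _tlv(0x02, _der_int_body(ctime)) + _tlv(0x30, seq))


def decode_secure_cookie(der: bytes):
    """Return (creation_time, [(padata_type, value), ...])."""
    tag, body, end = _read_tlv(der, 0)
    _expect(tag, 0x30)
    if end != len(der):
        raise ValueError("trailing bytes after SecureCookie")
    tag, tbody, pos = _read_tlv(body, 0)
    _expect(tag, 0x02)
    ctime = int.from_bytes(tbody, "big", signed=True)
    tag, seq, _ = _read_tlv(body, pos)
    _expect(tag, 0x30)
    items, p = [], 0
    while p < len(seq):
        tag, pd, p = _read_tlv(seq, p)
        _expect(tag, 0x30)
        tag, ctx1, q = _read_tlv(pd, 0)
        _expect(tag, 0xA1)
        tag, ibody, _ = _read_tlv(ctx1, 0)
        _expect(tag, 0x02)
        tag, ctx2, _ = _read_tlv(pd, q)
        _expect(tag, 0xA2)
        tag, value, _ = _read_tlv(ctx2, 0)
        _expect(tag, 0x04)
        items.append((int.from_bytes(ibody, "big", signed=True), value))
    return ctime, items


# --- outer cookie framing ---------------------------------------------------

def build_secure_cookie(kvno: int, ciphertext: bytes) -> bytes:
    """'MIT1' | four-byte big-endian kvno | RFC 3961 ciphertext (opaque here)."""
    return SECURE_MAGIC + struct.pack(">I", kvno) + ciphertext


def parse_cookie(cookie: bytes):
    """Return ('trivial', None, None) or ('secure', kvno, ciphertext)."""
    if cookie == TRIVIAL_COOKIE:
        return ("trivial", None, None)
    if cookie.startswith(SECURE_MAGIC) and len(cookie) >= 8:
        (kvno,) = struct.unpack(">I", cookie[4:8])
        return ("secure", kvno, cookie[8:])
    raise ValueError("unrecognized KDC cookie")


def cookie_relevant(cookie_types, request_types) -> bool:
    """A cookie matters for a request if any saved type appears in the request."""
    return bool(set(cookie_types) & set(request_types))


if __name__ == "__main__":
    # Constructed sample: one saved state blob for a hypothetical padata type 16.
    plain = encode_secure_cookie(1700000000, [(16, b"\x01\x02")])
    cookie = build_secure_cookie(3, b"<ciphertext placeholder>")
    print(parse_cookie(cookie), decode_secure_cookie(plain))
```

The decoder deliberately rejects trailing bytes and mismatched tags instead of skipping over them, since the KDC only reaches the plaintext after a successful decryption and any structural mismatch at that point indicates a bug rather than tampering.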