2.2.2.1 Kerberos Messages

Kerberos calls are formatted as KerbCredIsoRemoteInput objects (section 2.2.1.3.7), and responses are formatted as KerbCredIsoRemoteOutput objects (section 2.2.1.2.10). The structures, as defined in the IDL, are made primarily of unions. In this way, the single KerbCredIsoRemoteInput and KerbCredIsoRemoteOutput structure types can represent multiple Input and Output message pairs as documented in the following sections.

Some Kerberos messages make use of Abstract Syntax Notation One (ASN.1) structures, as specified in [ITUX680], and are encoded using Distinguished Encoding Rules (DER), as specified in [X690] section 10. The definitions of these structures are contained in [RFC4120] and [RFC6113]. When such structure packing is used, the data type of the message field is KERB_ASN1_DATA (section 2.2.1.2.1). These fields are used in order to pack standards-compliant, predefined Kerberos structures, avoiding additional overhead incurred by a custom data type in the Kerberos Interface Definition Language (IDL) file.