add comment on variant of data types used for PA-DATA

author John Kohl <jtkohl@mit.edu>

Mon, 17 Dec 1990 14:36:29 +0000 (14:36 +0000)

committer John Kohl <jtkohl@mit.edu>

Mon, 17 Dec 1990 14:36:29 +0000 (14:36 +0000)
author John Kohl <jtkohl@mit.edu>
Mon, 17 Dec 1990 14:36:29 +0000 (14:36 +0000)
committer John Kohl <jtkohl@mit.edu>
Mon, 17 Dec 1990 14:36:29 +0000 (14:36 +0000)
diff --git a/src/lib/krb5/asn.1/KRB5-asn.py b/src/lib/krb5/asn.1/KRB5-asn.py

index c0fc1a4f91d47c7b6ad34afca0914fa6fe3e0a2c..e6a6e2a247b6d40182b1777ec8b546b7fa326e0b 100644 (file)
--- a/src/lib/krb5/asn.1/KRB5-asn.py
+++ b/src/lib/krb5/asn.1/KRB5-asn.py
@@ -126,6 +126,14 @@ TGS-REQ ::= [APPLICATION 12] SEQUENCE {
  -- the preceding two sequences MUST be the same except for the
  -- APPLICATION identifier
  
+-- Note that the RFC specifies that PA-DATA is just a SEQUENCE, and when
+-- it appears in the messages, it's a SEQUENCE OF PA-DATA.
+-- However, this has an identical encoding to the data defined here,
+-- which has PA-DATA as SEQUENCE OF SEQUENCE, and the messages use a
+-- straight PA-DATA. This has the advantage (at least under ISODE) of
+-- giving a "known" name to the PA-DATA array, making it more easily
+-- manipulated by "glue code".
+
  PA-DATA ::=    SEQUENCE OF SEQUENCE {
         padata-type[1]  INTEGER,
         pa-data[2]      OCTET STRING -- might be encoded AP-REQ
author	John Kohl <jtkohl@mit.edu>
	Mon, 17 Dec 1990 14:36:29 +0000 (14:36 +0000)
committer	John Kohl <jtkohl@mit.edu>
	Mon, 17 Dec 1990 14:36:29 +0000 (14:36 +0000)