/// <summary> /// Create context /// </summary> /// <param name="domain">Domain name</param> /// <param name="cName">Principal name</param> /// <param name="password">Password of principal</param> /// <param name="accountType">Accoundtype, user or device</param> /// <param name="armorTicket">Computer TGT as armor ticket</param> /// <param name="armorSessionKey">Computer TGS session key as armor session key</param> public KerberosContext(string domain, string cName, string password, KerberosAccountType accountType, string salt, KerberosTicket armorTicket, EncryptionKey armorSessionKey) : this(domain, cName, password, accountType, salt) { this.ArmorTicket = armorTicket; this.ArmorSessionKey = armorSessionKey; this.SelectedEType = (EncryptionType)this.ArmorTicket.SessionKey.keytype.Value; }
/// <summary> /// Construct a Kerberos test client for FAST /// </summary> /// <param name="domain">The realm part of the client's principal identifier. /// This argument cannot be null.</param> /// <param name="cName">The account to logon the remote machine. Either user account or computer account /// This argument cannot be null.</param> /// <param name="password">The password of the user. This argument cannot be null.</param> /// <param name="accountType">The type of the logon account. User or Computer</param> public KerberosFunctionalClient(string domain, string cName, string password, KerberosAccountType accountType, KerberosTicket armorTicket, EncryptionKey armorSessionKey, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt omiPkt, ITestSite baseTestSite) : base(domain, cName, password, accountType, armorTicket, armorSessionKey, kdcAddress, kdcPort, transportType, omiPkt) { testSite = baseTestSite; if (accountType == KerberosAccountType.Device) { testSite.Log.Add(LogEntryKind.Debug, "Construct Kerberos client using computer account: {0}@{1}.", cName, domain); } else { testSite.Log.Add(LogEntryKind.Debug, "Construct Kerberos client using user account: {0}@{1}.", cName, domain); } EncryptionType[] encryptionTypes = new EncryptionType[] { EncryptionType.AES256_CTS_HMAC_SHA1_96, EncryptionType.AES128_CTS_HMAC_SHA1_96, EncryptionType.RC4_HMAC, EncryptionType.RC4_HMAC_EXP, EncryptionType.DES_CBC_CRC, EncryptionType.DES_CBC_MD5 }; KerbInt32[] etypes = new KerbInt32[encryptionTypes.Length]; for (int i = 0; i < encryptionTypes.Length; i++) { etypes[i] = new KerbInt32((int)encryptionTypes[i]); } Asn1SequenceOf<KerbInt32> etype = new Asn1SequenceOf<KerbInt32>(etypes); Context.SupportedEType = etype; Context.Pvno = KerberosConstValue.KERBEROSV5; }
/// <summary> /// Create context /// </summary> /// <param name="domain">Domain name</param> /// <param name="cName">Principal name</param> /// <param name="password">Password of principal</param> /// <param name="accountType">Accoundtype, user or device</param> public KerberosContext(string domain, string cName, string password, KerberosAccountType accountType, string salt = null) : this() { if (domain == null) { throw new ArgumentNullException("domain"); } if (cName == null) { throw new ArgumentNullException("cName"); } if (password == null) { throw new ArgumentNullException("password"); } this.Realm = new Realm(domain); PrincipalName name = new PrincipalName(new KerbInt32((int)PrincipalType.NT_PRINCIPAL), KerberosUtility.String2SeqKerbString(cName)); if (null == salt) { if (accountType == KerberosAccountType.User) salt = KerberosUtility.GenerateSalt(domain, cName, accountType); else if (accountType == KerberosAccountType.Device) salt = KerberosUtility.GenerateSalt(domain, cName, accountType); else { throw new ArgumentOutOfRangeException("Account type not support"); } } this.CName = new Principal(accountType, this.Realm, name, password, salt); }
/// <summary> /// Generate client account's salt. /// </summary> /// <param name="domain">The realm part of the client's principal identifier. /// This argument cannot be null.</param> /// <param name="cName">The account to logon the remote machine. Either user account or computer account /// This argument cannot be null.</param> /// <param name="accountType">The type of the logon account. User or Computer</param> /// <returns>Client account's salt</returns> /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception> /// <exception cref="System.NotSupportedException">Thrown when the account type is neither user nor computer. /// </exception> public static string GenerateSalt(string domain, string cName, KerberosAccountType accountType) { if (domain == null) { throw new ArgumentNullException("domain"); } if (cName == null) { throw new ArgumentNullException("cName"); } string salt; if (accountType == KerberosAccountType.User) { salt = domain.ToUpper() + cName; } else if (accountType == KerberosAccountType.Device) { string computerName = cName; if (cName.EndsWith("$")) { computerName = cName.Substring(0, cName.Length - 1); } salt = domain.ToUpper() + "host" + computerName.ToLower() + "." + domain.ToLower(); } else { throw new NotSupportedException("Kile only support user or computer account."); } return(salt); }
/// <summary> /// Constructor /// </summary> /// <param name="type">Type of Principal</param> /// <param name="name">Principal name</param> /// <param name="password">Password of principal</param> /// <param name="salt">Salt of principal</param> public Principal(KerberosAccountType type, string realm, string name, string password, string salt) { Type = type; Realm = new Realm(realm); Name = new PrincipalName(new KerbInt32((int)PrincipalType.NT_PRINCIPAL), KerberosUtility.String2SeqKerbString(name)); Password = password; Salt = salt; }
/// <summary> /// Constructor /// </summary> /// <param name="type">Type of Principal</param> /// <param name="name">Principal name</param> /// <param name="password">Password of principal</param> public Principal(KerberosAccountType type, Realm realm, PrincipalName name, string password, string salt) { Type = type; Realm = realm; Name = name; Password = password; Salt = salt; }
/// <summary> /// Create a KileClient instance. /// </summary> /// <param name="domain">The realm part of the client's principal identifier. /// This argument cannot be null.</param> /// <param name="cName">The account to logon the remote machine. Either user account or computer account /// This argument cannot be null.</param> /// <param name="password">The password of the user. This argument cannot be null.</param> /// <param name="accountType">The type of the logon account. User or Computer</param> /// <param name="kdcAddress">The IP address of the KDC.</param> /// <param name="kdcPort">The port of the KDC.</param> /// <param name="transportType">Whether the transport is TCP or UDP transport.</param> /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception> public KerberosClient(string domain, string cName, string password, KerberosAccountType accountType, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken, string salt = null) { TransportBufferSize = KerberosConstValue.TRANSPORT_BUFFER_SIZE; this.Context = new KerberosContext(domain, cName, password, accountType, salt); this.kdcAddress = kdcAddress; this.kdcPort = kdcPort; this.transportType = transportType; this.oidPkt = oidPkt; this.Context.TransportType = transportType; }
/// <summary> /// Create a KileClient instance. /// </summary> /// <param name="domain">The realm part of the client's principal identifier. /// This argument cannot be null.</param> /// <param name="cName">The account to logon the remote machine. Either user account or computer account /// This argument cannot be null.</param> /// <param name="password">The password of the user. This argument cannot be null.</param> /// <param name="accountType">The type of the logon account. User or Computer</param> /// <param name="kdcAddress">The IP address of the KDC.</param> /// <param name="kdcPort">The port of the KDC.</param> /// <param name="transportType">Whether the transport is TCP or UDP transport.</param> /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception> public KerberosClient(string domain, string cName, string password, KerberosAccountType accountType, KerberosTicket armorTicket, EncryptionKey armorSessionKey, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken, string salt = null) { TransportBufferSize = KerberosConstValue.TRANSPORT_BUFFER_SIZE; this.Context = new KerberosContext(domain, cName, password, accountType, salt, armorTicket, armorSessionKey); this.kdcAddress = kdcAddress; this.kdcPort = kdcPort; this.transportType = transportType; this.oidPkt = oidPkt; this.Context.TransportType = transportType; }
/// <summary> /// Generate a new NlmpClient Security Context /// </summary> /// <param name="domain" cref="KerberosClientCredential">Login user Credential</param> /// <param name="accountType">The type of the logon account. User or Computer</param> /// <param name="kdcAddress">The IP address of the KDC.</param> /// <param name="kdcPort">The port of the KDC.</param> /// <param name="transportType">Whether the transport is TCP or UDP transport.</param> /// <returns></returns> public static ClientSecurityContext CreateClientSecurityContext( string serverName, AccountCredential credential, KerberosAccountType accountType, IPAddress kdcAddress, int kdcPort, TransportType transportType, ClientSecurityContextAttribute contextAttribute, KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken, string salt = null ) { return(new KerberosClientSecurityContext(serverName, credential, accountType, kdcAddress, kdcPort, transportType, contextAttribute, oidPkt, salt)); }
/// <summary> /// Create a KerberosClientSecurityContext instance. /// </summary> /// <param name="domain" cref="KerberosClientCredential">Login user Credential</param> /// <param name="accountType">The type of the logon account. User or Computer</param> /// <param name="kdcAddress">The IP address of the KDC.</param> /// <param name="kdcPort">The port of the KDC.</param> /// <param name="transportType">Whether the transport is TCP or UDP transport.</param> /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception> public KerberosClientSecurityContext( string serverName, AccountCredential credential, KerberosAccountType accountType, IPAddress kdcAddress, int kdcPort, TransportType transportType, ClientSecurityContextAttribute contextAttribute, KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken, string salt = null ) { this.credential = credential; this.serverName = serverName; this.contextAttribute = contextAttribute; this.client = new KerberosClient(this.credential.DomainName, this.credential.AccountName, this.credential.Password, accountType, kdcAddress, kdcPort, transportType, oidPkt, salt); this.UpdateDefaultSettings(); }
/// <summary> /// Create context /// </summary> /// <param name="domain">Domain name</param> /// <param name="cName">Principal name</param> /// <param name="password">Password of principal</param> /// <param name="accountType">Accoundtype, user or device</param> public KerberosContext(string domain, string cName, string password, KerberosAccountType accountType, string salt = null) : this() { if (domain == null) { throw new ArgumentNullException("domain"); } if (cName == null) { throw new ArgumentNullException("cName"); } if (password == null) { throw new ArgumentNullException("password"); } this.Realm = new Realm(domain); PrincipalName name = new PrincipalName(new KerbInt32((int)PrincipalType.NT_PRINCIPAL), KerberosUtility.String2SeqKerbString(cName)); if (null == salt) { if (accountType == KerberosAccountType.User) { salt = KerberosUtility.GenerateSalt(domain, cName, accountType); } else if (accountType == KerberosAccountType.Device) { salt = KerberosUtility.GenerateSalt(domain, cName, accountType); } else { throw new ArgumentOutOfRangeException("Account type not support"); } } this.CName = new Principal(accountType, this.Realm, name, password, salt); }
/// <summary> /// Construct a Kerberos test client /// </summary> /// <param name="domain">The realm part of the client's principal identifier. /// This argument cannot be null.</param> /// <param name="cName">The account to logon the remote machine. Either user account or computer account /// This argument cannot be null.</param> /// <param name="password">The password of the user. This argument cannot be null.</param> /// <param name="accountType">The type of the logged on account. User or Computer</param> public KerberosTestClient(string domain, string cName, string password, KerberosAccountType accountType, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt oidPkt, string salt = null) : base(domain, cName, password, accountType, kdcAddress, kdcPort, transportType, oidPkt, salt) { testSite = TestClassBase.BaseTestSite; if (accountType == KerberosAccountType.Device) { testSite.Log.Add(LogEntryKind.Debug, "Construct Kerberos client using computer account: {0}@{1}.", cName, domain); } else { testSite.Log.Add(LogEntryKind.Debug, "Construct Kerberos client using user account: {0}@{1}.", cName, domain); } EncryptionType[] encryptionTypes = new EncryptionType[] { EncryptionType.AES256_CTS_HMAC_SHA1_96, EncryptionType.AES128_CTS_HMAC_SHA1_96, EncryptionType.RC4_HMAC, EncryptionType.RC4_HMAC_EXP, EncryptionType.DES_CBC_CRC, EncryptionType.DES_CBC_MD5 }; Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.KerbInt32[] etypes = new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.KerbInt32[encryptionTypes.Length]; for (int i = 0; i < encryptionTypes.Length; i++) { etypes[i] = new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.KerbInt32((int)encryptionTypes[i]); } Asn1SequenceOf<KerbInt32> etype = new Asn1SequenceOf<KerbInt32>(etypes); Context.SupportedEType = etype; Context.Pvno = KerberosConstValue.KERBEROSV5; }
/// <summary> /// Generate a GCC AP token for the given account and SPN. /// </summary> /// <param name="kdcIpAddr">KDC IP address</param> /// <param name="account">Account Name.</param> /// <param name="pwd">Password of the account.</param> /// <param name="domain">Domain name.</param> /// <param name="spn">SPN</param> /// <param name="aType">Account type</param> /// <returns>Token</returns> public static byte[] GenerateGssApToken(string kdcIpAddr, string account, string pwd, string domain, string spn, KerberosAccountType aType) { KerberosTestClient client = new KerberosTestClient( domain, account, pwd, KerberosAccountType.User, kdcIpAddr, 88, Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.TransportType.TCP, (KerberosConstValue.OidPkt)Enum.Parse(typeof(KerberosConstValue.OidPkt), "MSKerberosToken")); //Create and send AS request KdcOptions options = KdcOptions.FORWARDABLE | KdcOptions.CANONICALIZE | KdcOptions.RENEWABLE | KdcOptions.OK_AS_DELEGATE; client.SendAsRequest(options, null); //Recieve preauthentication required error Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.METHOD_DATA methodData; KerberosKrbError krbError = client.ExpectPreauthRequiredError(out methodData); //Create sequence of PA data string timeStamp = KerberosUtility.CurrentKerberosTime.Value; Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PaEncTimeStamp paEncTimeStamp = new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PaEncTimeStamp(timeStamp, 0, client.Context.SelectedEType, client.Context.CName.Password, client.Context.CName.Salt); Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PaPacRequest paPacRequest = new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PaPacRequest(true); Microsoft.Protocols.TestTools.StackSdk.Asn1.Asn1SequenceOf <PA_DATA> seqOfPaData = new Microsoft.Protocols.TestTools.StackSdk.Asn1.Asn1SequenceOf <PA_DATA>(new Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.PA_DATA[] { paEncTimeStamp.Data, paPacRequest.Data }); //Create and send AS request client.SendAsRequest(options, seqOfPaData); KerberosAsResponse asResponse = client.ExpectAsResponse(); //Create and send TGS request client.SendTgsRequest(spn, options); KerberosTgsResponse refTgsResponse = client.ExpectTgsResponse(); // client.ChangeRealm(childDomain, childDcIp, 88, Microsoft.Protocols.TestTools.StackSdk.Security.Kerberos.TransportType.TCP); // client.SendTgsRequest(spn, options); // KerberosTgsResponse tgsResponse = client.ExpectTgsResponse(); Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.AuthorizationData data = null; Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.EncryptionKey subkey = Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.KerberosUtility.GenerateKey(client.Context.SessionKey); byte[] token = client.CreateGssApiToken(Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.ApOptions.None, data, subkey, Microsoft.Protocols.TestTools.StackSdk.Security.KerberosLib.ChecksumFlags.None, KerberosConstValue.GSSToken.GSSAPI ); return(token); }
/// <summary> /// Create AS response. /// </summary> /// <param name="kileConnection">Maintain a connection with a target client. This argument cannot be null.</param> /// <param name="accountType">The type of the logoned account. User or Computer</param> /// <param name="password">Password of the user who logon the system. This argument cannot be null.</param> /// <param name="SeqofPaData">The pre-authentication data in AS request. /// This argument can be generated by method ConstructPaData. This argument could be null.</param> /// <param name="encTicketFlags">Ticket Flags</param> /// <param name="ticketAuthorizationData">The authorization-data field is used to pass authorization data from /// the principal on whose behalf a ticket was issued to the application service. This parameter could be null. /// </param> /// <returns>The created AS response.</returns> /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception> /// <exception cref="System.InvalidOperationException">Thrown when no kileConnection related server context /// is found </exception> public KileAsResponse CreateAsResponse( KileConnection kileConnection, KerberosAccountType accountType, string password, _SeqOfPA_DATA SeqofPaData, EncTicketFlags encTicketFlags, AuthorizationData ticketAuthorizationData) { KileServerContext serverContext = GetServerContextByKileConnection(kileConnection); string cName = serverContext.UserName.name_string.elements[0].mValue; string cRealm = serverContext.UserRealm.mValue; serverContext.Salt = GenerateSalt(cRealm, cName, accountType); serverContext.TicketEncryptKey = new EncryptionKey((int)EncryptionType.RC4_HMAC, GetEncryptionKeyByType(EncryptionType.RC4_HMAC)); if (password == null) { throw new ArgumentNullException("password"); } else { serverContext.Password = password; } KileAsResponse response = new KileAsResponse(serverContext); // Construct a Ticket Ticket ticket = new Ticket(); ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5); ticket.realm = new Realm(domain); ticket.sname = serverContext.SName; // Set EncTicketPart EncTicketPart encTicketPart = new EncTicketPart(); EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue; encTicketPart.key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType)); encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags)); encTicketPart.crealm = serverContext.UserRealm; encTicketPart.cname = serverContext.UserName; encTicketPart.transited = new TransitedEncoding(4, null); encTicketPart.authtime = KileUtility.CurrentKerberosTime; encTicketPart.starttime = KileUtility.CurrentKerberosTime; encTicketPart.endtime = serverContext.endTime; encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime; encTicketPart.caddr = serverContext.Addresses; encTicketPart.authorization_data = ticketAuthorizationData; response.TicketEncPart = encTicketPart; // Set AS_REP response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5); response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP); response.Response.padata = SeqofPaData; response.Response.crealm = serverContext.UserRealm; response.Response.cname = serverContext.UserName; response.Response.ticket = ticket; // Set EncASRepPart EncASRepPart encASRepPart = new EncASRepPart(); encASRepPart.key = encTicketPart.key; LastReq_element element = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime); encASRepPart.last_req = new LastReq(new LastReq_element[] { element }); encASRepPart.nonce = serverContext.Nonce; encASRepPart.flags = encTicketPart.flags; encASRepPart.authtime = encTicketPart.authtime; encASRepPart.starttime = encTicketPart.starttime; encASRepPart.endtime = encTicketPart.endtime; encASRepPart.renew_till = encTicketPart.renew_till; encASRepPart.srealm = ticket.realm; encASRepPart.sname = ticket.sname; encASRepPart.caddr = encTicketPart.caddr; response.EncPart = encASRepPart; return(response); }
public KileAsResponse CreateAsResponse( KileConnection kileConnection, KerberosAccountType accountType, string password, _SeqOfPA_DATA SeqofPaData, EncTicketFlags encTicketFlags, AuthorizationData ticketAuthorizationData) { KileServerContext serverContext = GetServerContextByKileConnection(kileConnection); string cName = serverContext.UserName.name_string.elements[0].mValue; string cRealm = serverContext.UserRealm.mValue; serverContext.Salt = GenerateSalt(cRealm, cName, accountType); serverContext.TicketEncryptKey = new EncryptionKey((int)EncryptionType.RC4_HMAC, GetEncryptionKeyByType(EncryptionType.RC4_HMAC)); if (password == null) { throw new ArgumentNullException("password"); } else { serverContext.Password = password; } KileAsResponse response = new KileAsResponse(serverContext); // Construct a Ticket Ticket ticket = new Ticket(); ticket.tkt_vno = new Asn1Integer(ConstValue.KERBEROSV5); ticket.realm = new Realm(domain); ticket.sname = serverContext.SName; // Set EncTicketPart EncTicketPart encTicketPart = new EncTicketPart(); EncryptionType encryptionType = (EncryptionType)serverContext.EncryptType.elements[0].mValue; encTicketPart.key = new EncryptionKey((int)encryptionType, GetEncryptionKeyByType(encryptionType)); encTicketPart.flags = new TicketFlags(KileUtility.ConvertInt2Flags((int)encTicketFlags)); encTicketPart.crealm = serverContext.UserRealm; encTicketPart.cname = serverContext.UserName; encTicketPart.transited = new TransitedEncoding(4, null); encTicketPart.authtime = KileUtility.CurrentKerberosTime; encTicketPart.starttime = KileUtility.CurrentKerberosTime; encTicketPart.endtime = serverContext.endTime; encTicketPart.renew_till = serverContext.rtime ?? encTicketPart.endtime; encTicketPart.caddr = serverContext.Addresses; encTicketPart.authorization_data = ticketAuthorizationData; response.TicketEncPart = encTicketPart; // Set AS_REP response.Response.pvno = new Asn1Integer(ConstValue.KERBEROSV5); response.Response.msg_type = new Asn1Integer((int)MsgType.KRB_AS_RESP); response.Response.padata = SeqofPaData; response.Response.crealm = serverContext.UserRealm; response.Response.cname = serverContext.UserName; response.Response.ticket = ticket; // Set EncASRepPart EncASRepPart encASRepPart = new EncASRepPart(); encASRepPart.key = encTicketPart.key; LastReq_element element = new LastReq_element(new Int32(0), KileUtility.CurrentKerberosTime); encASRepPart.last_req = new LastReq(new LastReq_element[] { element }); encASRepPart.nonce = serverContext.Nonce; encASRepPart.flags = encTicketPart.flags; encASRepPart.authtime = encTicketPart.authtime; encASRepPart.starttime = encTicketPart.starttime; encASRepPart.endtime = encTicketPart.endtime; encASRepPart.renew_till = encTicketPart.renew_till; encASRepPart.srealm = ticket.realm; encASRepPart.sname = ticket.sname; encASRepPart.caddr = encTicketPart.caddr; response.EncPart = encASRepPart; return response; }
/// <summary> /// Create a KileClient instance. /// </summary> /// <param name="domain">The realm part of the client's principal identifier. /// This argument cannot be null.</param> /// <param name="cName">The account to logon the remote machine. Either user account or computer account /// This argument cannot be null.</param> /// <param name="password">The password of the user. This argument cannot be null.</param> /// <param name="accountType">The type of the logon account. User or Computer</param> /// <param name="kdcAddress">The IP address of the KDC.</param> /// <param name="kdcPort">The port of the KDC.</param> /// <param name="transportType">Whether the transport is TCP or UDP transport.</param> /// <exception cref="System.ArgumentNullException">Thrown when the input parameter is null.</exception> public KerberosClient(string domain, string cName, string password, KerberosAccountType accountType, KerberosTicket armorTicket, EncryptionKey armorSessionKey, string kdcAddress, int kdcPort, TransportType transportType, KerberosConstValue.OidPkt oidPkt = KerberosConstValue.OidPkt.KerberosToken, string salt = null) : this(domain, cName, password, accountType, armorTicket, armorSessionKey, IPAddress.Parse(kdcAddress), kdcPort, transportType, oidPkt, salt) { }