AS-REQ service tickets
John Wray
jwray at us.ibm.com
Wed Aug 16 18:22:01 EDT 2023
I believe it should be possible to obtain a service ticket to a server within the local realm directly using an AS-REQ from krb5_get_init_creds_keytab()/password() by specifying the target server name instead of the TGS in the in_tkt_service parameter.
Has anyone noticed any change in tickets obtained this way from Microsoft Domain Controllers after a recent security update? None of the CVEs mentioned seem to relate to this KDC behavior.
John
More information about the krbdev
mailing list