FORWARDABLE

Sam Hartman hartmans at MIT.EDU
Mon Dec 1 09:50:08 EST 2003


>>>>> "Gustavo" == Gustavo V G C Rios <gustavo.rios at terra.com.br> writes:

    Gustavo> Sam Hartman wrote:
    >>  >>>>> "Gustavo" == Gustavo V G C Rios
    >> <gustavo.rios at terra.com.br> writes:
    >> 
    Gustavo> I have reading RFC 1510 to understand how kerberos
    Gustavo> works. Some thing a very confusing for me. For instance:
    >>
    Gustavo> Suppose i have a TGT and i want it to be renewd. So i use
    Gustavo> the TGS_REQ for this, ok?  At the momment, this TGT has
    Gustavo> the forwarable bit on (1). But since i am only request it
    Gustavo> to be renewd, i dow not specify the KDCoption
    Gustavo> forwardable. Then what happens ?
    >>  At seems that the MIT KDC at least preserves the forwardable
    >> bit in this case.

    Gustavo> Ok! What is the rationale having non TGT as forwardable ?
    Gustavo> And Proxiable ? Sorry, but i could not understand.

It is meaningless for a non-TGT to be forwardable, although I suspect
most KDCs will keep the option bit set.  A non-TGT can be proxyable;
that means anyone who has that ticket can proxy it to get different
authorization data or addresses.



More information about the Kerberos mailing list