FORWARDABLE

Gustavo V. G. C. Rios gustavo.rios at terra.com.br
Sun Nov 30 20:44:15 EST 2003


I have reading RFC 1510 to understand how kerberos works. Some thing a
very confusing for me. For instance:

Suppose i have a TGT and i want it to be renewd. So i use the TGS_REQ
for this, ok?
At the momment, this TGT has the forwarable bit on (1). But since i am
only request it to be renewd, i dow not specify the KDCoption
forwardable. Then what happens ? The following pseudo-code were
extracted from A.6

	if (req.kdc-options.FORWARDABLE is set) then
		if (tgt.flags.FORWARDABLE is reset) then
			error_out(KDC_ERR_BADOPTION);
		endif
		set new_tkt.flags.FORWARDABLE;
	endif.

So am i able to conclude that the forwardable flag on my "new" ticket is
lost ?


Second doubt: Ticket Flags like FORWARDABLE/PROXIABLE make sense only
for TGT, right? It is complete nonsense to "see" them on TGS tickets,
right ?

Thanks a lot for your time and cooperation.


More information about the Kerberos mailing list