FORWARDABLE
Gustavo V. G. C. Rios
gustavo.rios at terra.com.br
Sun Nov 30 20:44:15 EST 2003
I have reading RFC 1510 to understand how kerberos works. Some thing a
very confusing for me. For instance:
Suppose i have a TGT and i want it to be renewd. So i use the TGS_REQ
for this, ok?
At the momment, this TGT has the forwarable bit on (1). But since i am
only request it to be renewd, i dow not specify the KDCoption
forwardable. Then what happens ? The following pseudo-code were
extracted from A.6
if (req.kdc-options.FORWARDABLE is set) then
if (tgt.flags.FORWARDABLE is reset) then
error_out(KDC_ERR_BADOPTION);
endif
set new_tkt.flags.FORWARDABLE;
endif.
So am i able to conclude that the forwardable flag on my "new" ticket is
lost ?
Second doubt: Ticket Flags like FORWARDABLE/PROXIABLE make sense only
for TGT, right? It is complete nonsense to "see" them on TGS tickets,
right ?
Thanks a lot for your time and cooperation.
More information about the Kerberos
mailing list