user name in ticket

yuval yabadi at checkpoint.com
Sun Aug 17 03:26:55 EDT 2008


Hi All

I have AD environment with IE and apache web server.
The web server configure (web server have AD user with keytab) to required
IE clients to be authenticate.
The client sends to the web server krb ticket. This ticket includes the
client name.
According to RFC4120 section 5.3 it should have.
My question is: what is the source of the name? It is taken from the TGT,
when the user logged on to AD? Or it taken from the user name in request
from AD for this specific ticket (The client sends it name in clear with the
request)? 


Regards

Yuval
Abadi




More information about the Kerberos mailing list