TGS-REP TICKET decrypting problem

Wang Weijun weijun.wang at oracle.com
Fri Jun 13 02:15:38 EDT 2014


Yes, Client-2 is the service (it's a computer account, right?) here, and it has the key and is able to decrypt it. A computer can get the key directly from the system through some internal channel. If you want to decrypt on behalf of the computer, you use that keytab.

--Max

On Jun 13, 2014, at 14:06, somenath saha <saha.somenath.88 at gmail.com> wrote:

> Is it right?
> Let there be two clients, CLIENT-1 and CLIENT-2. Now suppose CLIENT-1 gets a ticket from the KDC in a TGS_REP message, as he wants to communicate with CLIENT-2. Now CLIENT-1 forwards this ticket to CLIENT-2 in an AP_REQ message. Now CLIENT-2 must have the right to decrypt the ticket to get the shared key. Am I right?
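
Added example (not part of either message, and not code from any Kerberos implementation): the exchange discussed above, with the ticket sealed under the service's long-term key (the one a keytab holds) and the same session key sealed separately for the client. The toy seal/unseal cipher, the JSON encoding, all function names and the keys are assumptions for illustration; real tickets use ASN.1 and Kerberos enctypes, and real authenticators also carry a timestamp.

```python
import hashlib, hmac, json, os

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor(key, nonce, data):  # toy keystream: HMAC-SHA256 in counter mode
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, obj):
    """Toy encrypt-then-MAC standing in for a real Kerberos enctype."""
    nonce = os.urandom(16)
    ct = _xor(_prf(key, b"enc"), nonce, json.dumps(obj).encode())
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        raise ValueError("integrity check failed (wrong key)")
    return json.loads(_xor(_prf(key, b"enc"), nonce, ct))

def kdc_tgs_rep(tgs_session_key, service_key, client, service):
    """KDC: one fresh session key, wrapped once for each party."""
    sk = os.urandom(32).hex()
    ticket = seal(service_key, {"client": client, "session_key": sk})
    enc_part = seal(tgs_session_key, {"service": service, "session_key": sk})
    return ticket, enc_part

def client_ap_req(tgs_session_key, ticket, enc_part, client):
    sk = bytes.fromhex(unseal(tgs_session_key, enc_part)["session_key"])
    return ticket, seal(sk, {"client": client})  # unopened ticket + authenticator

def service_accept(keytab_key, ticket, authenticator):
    """Service: the keytab key opens the ticket, whose session key opens the authenticator."""
    t = unseal(keytab_key, ticket)
    sk = bytes.fromhex(t["session_key"])
    if unseal(sk, authenticator)["client"] != t["client"]:
        raise ValueError("authenticator does not match ticket")
    return t["client"], sk

def demo():
    tgs_key, svc_key = os.urandom(32), os.urandom(32)  # constructed sample keys
    ticket, enc_part = kdc_tgs_rep(tgs_key, svc_key, "CLIENT-1", "CLIENT-2")
    try:
        unseal(tgs_key, ticket)
        client_can_open_ticket = True
    except ValueError:
        client_can_open_ticket = False
    ap_req = client_ap_req(tgs_key, ticket, enc_part, "CLIENT-1")
    return service_accept(svc_key, *ap_req)[0], client_can_open_ticket
```

demo() returns the client name the service recovered from the ticket, and whether CLIENT-1 could open the ticket with its own key.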