Forwarded TGT with addresses?
Weijun Wang
weijun.wang at oracle.com
Tue Jul 21 04:48:27 EDT 2015
When will a TGS-REQ for a forwarded TGT include addresses?
In Java, if a client wants to request for a forwarded TGT for a service,
it will get IP address for the host, and send a TGS-REQ for the ticket
with the address so that the TGT can only be used by the service.
Due to a bug, the address(es) field is never set. I'd like to set it now
but the TGT will be useless for the service if the address is not
correct, for example, service in NAT but KDC outside.
I tried MIT krb5 and seems the client has not send the address (I
created KDC on my local machine and create a fake service/yahoo.com). Is
this always true or is there a setting? In what cases is the addresses
field used?
Thanks
Weijun
More information about the krbdev
mailing list