I have reading RFC 1510 to understand how kerberos works. Some thing a
very confusing for me. For instance:
Suppose i have a TGT and i want it to be renewd. So i use the TGS_REQ
for this, ok?
At the momment, this TGT has the forwarable bit on (1). But since i am
only request it to be renewd, i dow not specify the KDCoption
forwardable. Then what happens ? The following pseudo-code were
extracted from A.6
if (req.kdc-options.FORWARDABLE is set) then
if (tgt.flags.FORWARDABLE is reset) then
error_out(KDC_ERR_BADOPTION);
endif
set new_tkt.flags.FORWARDABLE;
endif.
So am i able to conclude that the forwardable flag on my "new" ticket is
lost ?
Second doubt: Ticket Flags like FORWARDABLE/PROXIABLE make sense only
for TGT, right? It is complete nonsense to "see" them on TGS tickets,
right ?
Thanks a lot for your time and cooperation.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
