>>>>> "Gustavo" == Gustavo V G C Rios <[EMAIL PROTECTED]> writes:
Gustavo> Sam Hartman wrote:
>> >>>>> "Gustavo" == Gustavo V G C Rios
>> <[EMAIL PROTECTED]> writes:
>>
Gustavo> I have reading RFC 1510 to understand how kerberos
Gustavo> works. Some thing a very confusing for me. For instance:
>>
Gustavo> Suppose i have a TGT and i want it to be renewd. So i use
Gustavo> the TGS_REQ for this, ok? At the momment, this TGT has
Gustavo> the forwarable bit on (1). But since i am only request it
Gustavo> to be renewd, i dow not specify the KDCoption
Gustavo> forwardable. Then what happens ?
>> At seems that the MIT KDC at least preserves the forwardable
>> bit in this case.
Gustavo> Ok! What is the rationale having non TGT as forwardable ?
Gustavo> And Proxiable ? Sorry, but i could not understand.
It is meaningless for a non-TGT to be forwardable, although I suspect
most KDCs will keep the option bit set. A non-TGT can be proxyable;
that means anyone who has that ticket can proxy it to get different
authorization data or addresses.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
