I see. So after a security context is established. These functions should return the same results on both side. Of course, if a particular piece of info is only available from the encrypted part of the service ticket, only the service side knows it and this function is not supported on the client side.
Max Luke Howard wrote: > > On 09/03/2009, at 1:45 PM, Max (Weijun) Wang wrote: > >>> gss_krb5_get_tkt_flags() >>> gsskrb5_extract_authz_data_from_sec_context() >>> gsskrb5_extract_authtime_from_sec_context() >> >> I guess the tkt or authXXX above are all for the intial TGT (instead >> of any service ticket). Right? > > The service ticket; the service does not have the TGT (although the KDC > may use the TGT in deriving those values). > > -- Luke ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
