On 01/16/2014 02:46 PM, venkyA wrote:
> The authenticator, which is encrypted with the session key, would establish the
> identity of the user. Why do we need armoring in a TGS-REQ, and how is it
> done?

RFC 6113 section 5.4.2 specifies this in the second point of the bullet list. The authenticator in the PA-TGS-REQ is used to compute the armor key; this is called "implicit armor." The KrbFastArmoredReq pa-data omits the armor field, so it contains only a req-checksum and an enc-fast-req. The benefits of FAST for TGS are less significant than for AS, but it does tighten up some security properties of the TGS exchange, authenticating fields which are currently unauthenticated.
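
The implicit-armor case described above, as an added example that is not part of the original message or of any Kerberos implementation: both sides derive the armor key as KRB-FX-CF2(subkey, TGT session key, "subkeyarmor", "ticketarmor") per RFC 6113, and the request carries only a req-checksum (over the AP-REQ from the PA-TGS-REQ) and an enc-fast-req. Assumptions: HMAC-SHA256 stands in for the enctype's pseudo-random function and keyed checksum, a dict stands in for the ASN.1 structure, and all keys and byte strings are constructed sample values.

```python
import hashlib
import hmac

SEED_LEN = 32  # assumed key-generation seed length (256-bit key)

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 replaces the enctype-specific pseudo-random().
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key: bytes, pepper: bytes, length: int = SEED_LEN) -> bytes:
    # PRF+(K, pepper) = prf(K, 0x01 || pepper) || prf(K, 0x02 || pepper) || ...
    out, counter = b"", 1
    while len(out) < length:
        out += prf(key, bytes([counter]) + pepper)
        counter += 1
    return out[:length]

def krb_fx_cf2(k1: bytes, k2: bytes, pepper1: bytes, pepper2: bytes) -> bytes:
    # random-to-key(PRF+(K1, pepper1) XOR PRF+(K2, pepper2)); identity random-to-key assumed.
    a, b = prf_plus(k1, pepper1), prf_plus(k2, pepper2)
    return bytes(x ^ y for x, y in zip(a, b))

def implicit_armor_key(subkey: bytes, tgt_session_key: bytes) -> bytes:
    # subkey comes from the authenticator in the PA-TGS-REQ; no armor ticket is sent.
    return krb_fx_cf2(subkey, tgt_session_key, b"subkeyarmor", b"ticketarmor")

def build_fast_armored_req(subkey, tgt_session_key, ap_req: bytes, enc_fast_req: bytes) -> dict:
    # Client side: the armor field is omitted; the checksum binds the AP-REQ to the armor key.
    key = implicit_armor_key(subkey, tgt_session_key)
    return {"req-checksum": prf(key, ap_req), "enc-fast-req": enc_fast_req}

def kdc_verify(fast_req: dict, subkey, tgt_session_key, ap_req: bytes) -> bool:
    # KDC side: recompute the armor key from the decrypted authenticator's subkey.
    key = implicit_armor_key(subkey, tgt_session_key)
    return hmac.compare_digest(fast_req["req-checksum"], prf(key, ap_req))

# Constructed sample values, for illustration only.
SUBKEY = bytes(range(32))
TGT_SESSION_KEY = bytes(range(32, 64))
AP_REQ = b"constructed-ap-req-bytes"

if __name__ == "__main__":
    req = build_fast_armored_req(SUBKEY, TGT_SESSION_KEY, AP_REQ, b"constructed-ciphertext")
    print(sorted(req), kdc_verify(req, SUBKEY, TGT_SESSION_KEY, AP_REQ))
```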
