On 2012-08-16 20:10, Russ Allbery wrote:
What's stored in the webkdc-proxy token is not just the TGT. It's a complete serialization of a krb5_creds structure as returned by krb5_get_init_creds_password. So it includes all of:
Ahh.. yes. That explains it to me. Thanks
I'm guessing that the protocol specification doesn't describe this properly currently and incorrectly conflates the TGT with the complete creds structure.
Yes.... I was thinking purely in the ASN.1 spec terms when I read the word "ticket".
/Peter
