[5437] in Kerberos
forwardable tickets
daemon@ATHENA.MIT.EDU (Jonathan K. Millen)
Thu Jun 29 17:44:28 1995
To: kerberos@MIT.EDU
Date: 29 Jun 1995 14:00:49 GMT
From: jkm@faron.mitre.org (Jonathan K. Millen)
Could someone help me understand how Kerberos v5 handles
forwardable tickets? I've been looking at Kohl's "Evolution
of Kerberos..." paper and RFC 1510 but I'm still confused.
Fist, when and how is a forwardable TGT issued? The AS
normally gives a non-forwardable TGT to the client for
the TGS. Is this the one that is marked fowardable
if the client requests it?
Then, how is the forwardable TGT sent to the service
that will use it? Ordinarily a service gets a service
ticket that the client has requested from the TGT.
Is the forwardable TGT sent to the service as part of
the same message that sends it the service ticket?
-Jon Millen
