[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: NON-TGT in TGS_REQ

To: "Gustavo V. G. C. Rios" <gustavo.rios@terra.com.br>
Subject: Re: NON-TGT in TGS_REQ
From: Love <lha@stacken.kth.se>
Date: Fri, 12 Dec 2003 13:17:41 +0100
Cc: heimdal-discuss@sics.se
In-Reply-To: <3FCBF7C9.8B6FEF33@terra.com.br> (Gustavo V. G. C. Rios'smessage of "Tue, 02 Dec 2003 02:24:09 +0000")
References: <3FCBF7C9.8B6FEF33@terra.com.br>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.3 (berkeley-unix)


"Gustavo V. G. C. Rios" <gustavo.rios@terra.com.br> writes:

> Hi folks,
>
> i have looked at tgs_rep2 function and saw the following:
>
> 	if (!get_krbtgt_realm(&ap_req.ticket.sname)) {
> 		/* blah .. blah */
>
> 		goto out2;
> 	}
>
> I got curious, because RFC 1510 states that the PA-DATA may contain a
> non TGT, i.e., if that would be the case a client would request a TGS to
> be proxied. Apparently, heimdal enforces that only TGT be present into
> the ap_req field, right? Would not this be a conformance violation with
> RFC 1510 ?

I would guess so, but I can't say I looked to closely on the issue.

Love

PGP signature

References:
- NON-TGT in TGS_REQ
  - From: "Gustavo V. G. C. Rios" <gustavo.rios@terra.com.br>

Prev by Date: Re: Patch to support RRC longer than message
Next by Date: Re: Incompatibility between latest snapshot and version 0.6
Prev by thread: NON-TGT in TGS_REQ
Next by thread: Re: problem: default realm in openssh
Index(es):
- Date
- Thread