decode response into resp; if (resp.msg-type = KRB_ERROR) then if(error = KDC_ERR_PREAUTH_REQUIRED(PA_ENC_TIMESTAMP)) then set pa_enc_timestamp_required; goto KRB_AS_REQ; endif process_error(resp); return; endif /* On error, discard the response, and zero the session key */ /* from the response immediately */ key = get_decryption_key(resp.enc-part.kvno, resp.enc-part.etype, resp.padata); unencrypted part of resp := decode of decrypt of resp.enc-part using resp.enc-part.etype and key; zero(key); if (common_as_rep_tgs_rep_checks fail) then destroy resp.key; return error; endif if near(resp.princ_exp) then print(warning message); endif save_for_later(ticket,session,client,server,times,flags);