Connected: An Internet Encyclopedia
A.7. KRB_TGS_REP verification
Up:
Connected: An Internet Encyclopedia
Up:
Requests For Comments
Up:
RFC 1510
Up:
A. Pseudo-code for protocol processing
Prev: A.6. KRB_TGS_REQ verification and KRB_TGS_REP generation
Next: A.8. Authenticator generation
A.7. KRB_TGS_REP verification
A.7. KRB_TGS_REP verification
decode response into resp;
if (resp.msg-type = KRB_ERROR) then
process_error(resp);
return;
endif
/* On error, discard the response, and zero the session key from
the response immediately */
if (req.padata.authenticator.subkey)
unencrypted part of resp :=
decode of decrypt of resp.enc-part
using resp.enc-part.etype and subkey;
else unencrypted part of resp :=
decode of decrypt of resp.enc-part
using resp.enc-part.etype and tgt's session key;
if (common_as_rep_tgs_rep_checks fail) then
destroy resp.key;
return error;
endif
check authorization_data as necessary;
save_for_later(ticket,session,client,server,times,flags);
Next: A.8. Authenticator generation
Connected: An Internet Encyclopedia
A.7. KRB_TGS_REP verification