Connected: An Internet Encyclopedia
A.7. KRB_TGS_REP verification

Up: RFC 1510
Up: A. Pseudo-code for protocol processing

A.7. KRB_TGS_REP verification


        decode response into resp;

        if (resp.msg-type = KRB_ERROR) then
                process_error(resp);
                return;
        endif

        /* On error, discard the response, and zero the session key from
        the response immediately */

        if (req.padata.authenticator.subkey)
                unencrypted part of resp :=
                        decode of decrypt of resp.enc-part
                        using resp.enc-part.etype and subkey;
        else unencrypted part of resp :=
                        decode of decrypt of resp.enc-part
                        using resp.enc-part.etype and tgt's session key;
        if (common_as_rep_tgs_rep_checks fail) then
                destroy resp.key;
                return error;
        endif

        check authorization_data as necessary;
        save_for_later(ticket,session,client,server,times,flags);
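
The client-side flow above as a runnable sketch. This is an added example, not part of RFC 1510 or of any Kerberos implementation. Assumptions: the dict field names, the JSON encoding, the toy_seal/toy_open stand-in cipher (not a Kerberos etype), make_reply, and the nonce/sname comparison standing in for common_as_rep_tgs_rep_checks are all constructed for illustration.

```python
import hashlib, hmac, json

class TgsRepError(Exception):
    pass

def _ks(key, n):
    # Keystream for the constructed stand-in cipher (NOT a Kerberos etype).
    blocks = (hashlib.sha256(key + bytes([i])).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def toy_seal(key, plain):
    ct = bytes(a ^ b for a, b in zip(plain, _ks(key, len(plain))))
    return hmac.new(key, ct, hashlib.sha256).digest() + ct

def toy_open(key, blob):
    tag, ct = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise TgsRepError("decrypt failed")  # wrong key or modified enc-part
    return bytes(a ^ b for a, b in zip(ct, _ks(key, len(ct))))

def verify_tgs_rep(req, resp, tgt_session_key):
    if resp["msg_type"] == "KRB_ERROR":
        raise TgsRepError("KRB_ERROR from KDC")
    # A subkey sent in the request's authenticator replaces the TGT session key.
    key = req.get("subkey") or tgt_session_key
    part = json.loads(toy_open(key, resp["enc_part"]))
    resp["key"] = bytearray.fromhex(part["key"])  # mutable, so it can be wiped
    # Stand-in for common_as_rep_tgs_rep_checks (assumed: nonce and sname echo).
    if part["nonce"] != req["nonce"] or part["sname"] != req["sname"]:
        resp["key"][:] = bytes(len(resp["key"]))  # "destroy resp.key"
        raise TgsRepError("reply does not match request")
    return {"sname": part["sname"], "session_key": resp["key"]}

def make_reply(key, nonce, sname, session_key):
    # Constructed sample KDC reply for the demo; not real Kerberos encoding.
    body = json.dumps({"nonce": nonce, "sname": sname, "key": session_key.hex()})
    return {"msg_type": "KRB_TGS_REP", "enc_part": toy_seal(key, body.encode())}
```

The in-place wipe mirrors the `destroy resp.key` step only; Python may still hold immutable copies of the decoded key (the JSON string, for instance), so a real client does this in a language with explicit memory control.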

