Connected: An Internet Encyclopedia
A.18. KRB_CRED generation

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1510
Up: A. Pseudo-code for protocol processing
Prev: A.17. KRB_PRIV verification
Next: A.19. KRB_CRED verification

A.18. KRB_CRED generation

A.18. KRB_CRED generation

        invoke KRB_TGS; /* obtain tickets to be provided to peer */

        /* assemble packet: */
        packet.pvno := protocol version; /* 5 */
        packet.msg-type := message type; /* KRB_CRED */

        for (tickets[n] in tickets to be forwarded) do
      [n] = tickets[n].ticket;

        packet.enc-part.etype := encryption type;

        for (ticket[n] in tickets to be forwarded) do
                body.ticket-info[n].key = tickets[n].session;
                body.ticket-info[n].prealm = tickets[n].crealm;
                body.ticket-info[n].pname = tickets[n].cname;
                body.ticket-info[n].flags = tickets[n].flags;
                body.ticket-info[n].authtime = tickets[n].authtime;
                body.ticket-info[n].starttime = tickets[n].starttime;
                body.ticket-info[n].endtime = tickets[n].endtime;
                body.ticket-info[n].renew-till = tickets[n].renew-till;
                body.ticket-info[n].srealm = tickets[n].srealm;
                body.ticket-info[n].sname = tickets[n].sname;
                body.ticket-info[n].caddr = tickets[n].caddr;

        get system_time;
        body.timestamp, body.usec := system_time;

        if (using nonce) then
                body.nonce := nonce;

        if (using s-address) then
                body.s-address := sender host addresses;
        if (limited recipients) then
                body.r-address := recipient host address;

        encode body into OCTET STRING;

        select encryption type;
        encrypt OCTET STRING into packet.enc-part.cipher
        using negotiated encryption key;

Next: A.19. KRB_CRED verification

Connected: An Internet Encyclopedia
A.18. KRB_CRED generation