[security-dev 00048]: Re: LSA ticket question

Max (Weijun) Wang Weijun.Wang at Sun.COM
Mon Jan 14 06:14:25 PST 2008


I have doubt. I find two kinds of struct for Kerberos ticket:  
KERB_EXTERNAL_TICKET, and KERB_TICEKT_CACHE_INFO. The former include  
an encoded form field, the later only name and flags etc. I can get  
an KERB_TICEKT_CACHE_INFO object for the FORWARDED ticket, but cannot  
find a way to convert it into KERB_EXTERNAL_TICKET.

Max


On Jan 14, 2008, at 10:07 PM, Andrew Fan wrote:

> Max (Weijun) Wang wrote:
>> Hi Andrew
>>
>> Want to confirm something with you: There are some kinds of  
>> Kerberos tickets inside the LSA cache that you can never get the  
>> encoded form, right?
>>
> I don't have any experience on this issue. But I think even if it  
> is a ticket, so it is should encoded in standard format, that's the  
> way the ticket exchanged among peers, I will try to look into it  
> tomorrow or the day after tomorrow.
>
> Andrew
>> I've seen a ticket in kerbtray.exe that's flagged FORWARDED, but  
>> never find out how to get its encoded form, therefore cannot use  
>> it in Java.
>>
>> Thanks
>> Max
>>
>




More information about the security-dev mailing list