Yes, a data gets a service ticket. > On Jul 31, 2024, at 4:55 PM, Ken Hornstein <k...@cmf.nrl.navy.mil> wrote: > > >> >> One surprise in doing all of this is that there seems to be no standard >> utility to let us see the auth indicator for the user's credentials. I'm >> probably doing to use one of the test programs (adata). It seems to be >> complicated by having the auth indicator in the encrypted part of the >> ticket. > > If you are using the GSSAPI to authenticate, there's a way (it's kind > of complicated and weird, like the rest of the GSSAPI). There's not a > native way to do that with the Kerberos API; on my list is to submit a > patch to MIT to expose the necessary API (there's a lot of things on > that list, so don't wait for me). However, if you're interested in > looking at authentication indicators in TGTs, I'm not sure there's a > way to verify the AD-CAMMAC container in a TGT; you'd need to look at > a service ticket (which I suppose you would already have if you were > verifying a Kerberos password). > > --Ken
________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
