TGT
10 | Preauthenticated | Specifies that preauthentication was required before the ticket was created.
11 | HW-authenticated | A hardware device was used to complete preauthentication.
12 | Transited Policy Checked | The KDC completed a check of all realms that the ticket has crossed to ensure that the realms were trusted.
13 | OK As Delegate | The server specified in the ticket can act as a delegate for proxy or forwarded tickets.
14 | Anonymous | The principal is a generic account used to distribute a session key.
15–31 | Reserved |
http://corpitk.earthweb.com/reference/pro/1928994024/ch03/03-05.html (3 of 3) [8/3/2000 6:51:50 AM]
Configuring Windows 2000 Server Security:Kerberos Server Authentication
Configuring Windows 2000 Server Security
by Thomas W. Shinder, M.D., MCSE, MCP+I, MCT, Debra Littlejohn Shinder, MCSE, MCP+I, MCT, D. Lynn White, MCSE, MCPS, MCP+I, MCT
Syngress Publishing, Inc.
ISBN: 1928994024 Pub Date: 06/01/99
Tickets can be used by the principal holding the ticket as many times as necessary, as long as it is within the inclusive period shown between the start time and the end time. The time for a ticket is set by the KDC and is based upon the current time unless the client has requested a different start time. Clients do not have to request a start time, but they do include the time they want the ticket to expire. The KDC consults the Kerberos realm policy and adds the time indicated in the policy to the start time. If the client has requested a specific end time, the KDC adds the requested end time to the start time. Whichever time is shorter, the time calculated using the Kerberos policy or the time calculated using the client requested time, is the time used for the end time.
If a client sends an expired session ticket to a server, then the server rejects it. It is then up to the client to go back to the KDC and request a new session ticket. However, if the client is already communicating with the server and the session ticket expires, communication continues to take place. Session tickets are used to authenticate the connection to the server. After the authentication has taken place, the session ticket can expire, but the connection will not be dropped.
Ticket-granting tickets also expire on the basis of the time set in the Kerberos realm policy. If a client attempts to use an expired TGT with the KDC, then the KDC rejects it. At that point the client must request a new TGT from the KDC, using the user’s long-term key.
It is possible to renew tickets as well as flag settings. The Kerberos realm policy dictates whether tickets are renewable or not. If the policy allows tickets to be renewed, then the renewable flag is set in every ticket issued by the KDC. In this situation, the KDC places a time in the end time field and another time in the renew till time field of tickets. The time set in the renew till time field is equivalent to the time set in the start time field added to the maximum cumulative ticket life set in the Kerberos realm policy. The client must submit the ticket to the KDC prior to the original expiration time shown in the end time field. Every time the client sends a ticket back to the KDC, it must send a new authenticator also. When the KDC receives the ticket from the client, it checks the time set in the renew till time field. If the time has not already passed, then the KDC creates a new copy of the ticket that has a new time set in the end time field as well as a new session key. By issuing a new session key, the KDC helps to alleviate the possibility of compromised keys.
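The end time calculation and the renewal check described in the paragraphs above can be modelled as follows. This is an added example, not code from the book or from Windows 2000. The policy values, the `Ticket` class and the function names are assumptions made for illustration, as is capping the renewed end time at the renew till time.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Optional
import secrets

# Assumed realm policy values, chosen for illustration only.
MAX_TICKET_LIFE = timedelta(hours=10)   # maximum life of one ticket
MAX_RENEW_LIFE = timedelta(days=7)      # maximum cumulative ticket life

@dataclass(frozen=True)
class Ticket:
    start: datetime
    end: datetime
    renew_till: Optional[datetime]      # None when the renewable flag is not set
    session_key: bytes

def issue(now, requested_life=None, requested_start=None, renewable=True):
    """Fill in the time fields the way the text describes the KDC doing it."""
    start = requested_start or now
    life = MAX_TICKET_LIFE
    if requested_life is not None:
        life = min(life, requested_life)   # the shorter of policy and request wins
    renew_till = start + MAX_RENEW_LIFE if renewable else None
    return Ticket(start, start + life, renew_till, secrets.token_bytes(16))

def is_valid(ticket, now):
    """Inclusive check against the start time and the end time."""
    return ticket.start <= now <= ticket.end

def renew(ticket, now):
    """Return a renewed copy, or raise if the request would be rejected."""
    if ticket.renew_till is None:
        raise PermissionError("ticket is not renewable")
    if now > ticket.renew_till:
        raise PermissionError("renew till time has passed")
    if now > ticket.end:
        raise PermissionError("ticket already expired; request a new one")
    # Assumption: the new end time never extends past renew till.
    new_end = min(now + MAX_TICKET_LIFE, ticket.renew_till)
    return replace(ticket, end=new_end, session_key=secrets.token_bytes(16))

if __name__ == "__main__":
    now = datetime(2000, 8, 3, 6, 0)       # constructed sample time
    t = issue(now, requested_life=timedelta(hours=2))
    print("end:", t.end, "renew till:", t.renew_till)
    print("renewed end:", renew(t, now + timedelta(hours=1)).end)
```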
Proxy Tickets and Forwarded Tickets
http://corpitk.earthweb.com/reference/pro/1928994024/ch03/03-06.html (1 of 3) [8/3/2000 6:51:59 AM]