Ticket Options RFC 4120 5.4.1 Expand / Collapse
Author
Message
Posted 3/27/2015 10:49:00 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 3/31/2015 3:48:42 PM
Posts: 5, Visits: 2
RFC 4120
https://www.ietf.org/rfc/rfc4120.txt

5.4.1

KDCOptions ::= KerberosFlags
-- reserved(0),
-- forwardable(1),
-- forwarded(2),
-- proxiable(3),
-- proxy(4),
-- allow-postdate(5),
-- postdated(6),
-- unused7(7),
-- renewable(8),
-- unused9(9),
-- unused10(10),
-- opt-hardware-auth(11),
-- unused12(12),
-- unused13(13),
-- 15 is reserved for canonicalize
-- unused15(15),
-- 26 was unused in 1510
-- disable-transited-check(26),
-- renewable-ok(27),
-- enc-tkt-in-skey(28),
-- renew(30),
-- validate(31)

I will post my .pcap findings to show how the bit flags map at a later time.
Post #2967
Posted 3/31/2015 2:21:28 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 3/31/2015 3:48:42 PM
Posts: 5, Visits: 2
Hope this helps someone .

kdc-options: 40810010 (forwardable, renewable, canonicalize, renewable-ok)
0... .... = reserved: False
.1.. .... = forwardable: True
..0. .... = forwarded: False
...0 .... = proxiable: False
.... 0... = proxy: False
.... .0.. = allow-postdate: False
.... ..0. = postdated: False
.... ...0 = unused7: False
1... .... = renewable: True
.0.. .... = unused9: False
..0. .... = unused10: False
...0 .... = opt-hardware-auth: False
.... ..0. = request-anonymous: False
.... ...1 = canonicalize: True
0... .... = constrained-delegation: False
..0. .... = disable-transited-check: False
...1 .... = renewable-ok: True
.... 0... = enc-tkt-in-skey: False
.... ..0. = renew: False
.... ...0 = validate: False

kdc-options: 40810000 (forwardable, renewable, canonicalize)
0... .... = reserved: False
.1.. .... = forwardable: True
..0. .... = forwarded: False
...0 .... = proxiable: False
.... 0... = proxy: False
.... .0.. = allow-postdate: False
.... ..0. = postdated: False
.... ...0 = unused7: False
1... .... = renewable: True
.0.. .... = unused9: False
..0. .... = unused10: False
...0 .... = opt-hardware-auth: False
.... ..0. = request-anonymous: False
.... ...1 = canonicalize: True
0... .... = constrained-delegation: False
..0. .... = disable-transited-check: False
...0 .... = renewable-ok: False
.... 0... = enc-tkt-in-skey: False
.... ..0. = renew: False
.... ...0 = validate: False
Post #2971
Posted 8/21/2018 6:22:44 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 8/21/2018 4:36:07 PM
Posts: 3, Visits: 2
Bit Level Flags Portrayed
┌───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┐
│ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │
├───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┤
│ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 1 │ 0 │ 0 │ 1 │ 0 │ 0 │ 0 │ 1 │ 1 │ 0 │ 1 │ 0 │ 0 │ 0 │ 1 │ 0 │ 1 │ 0 │ 1 │ 1 │ 0 │ 0 │ 1 │ 1 │ 1 │
├───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┤
│ . . . 0 . . . │ . . . 1 . . . │ . . . 2 . . . │ . . . 3 . . . │ . . . 4 . . . │ . . . 5 . . . │ . . . 6 . . . │ . . . 7 . . . │
└───────────────┴───────────────┴───────────────┴───────────────┴───────────────┴───────────────┴───────────────┴───────────────┘

┌───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┬───┐
│ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │ 8 │ 4 │ 2 │ 1 │
├───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┤
│ 1 │ 0 │ 0 │ 0 │ 1 │ 0 │ 0 │ 1 │ 1 │ 0 │ 1 │ 0 │ 1 │ 0 │ 1 │ 1 │ 1 │ 1 │ 0 │ 0 │ 1 │ 1 │ 0 │ 1 │ 1 │ 1 │ 1 │ 0 │ 1 │ 1 │ 1 │ 1 │
├───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┼───┴───┴───┴───┤
│ . . . 8 . . . │ . . . 9 . . . │ . . . 10 . . .│ . . . 11 . . .│ . . . 12 . . .│ . . . 13 . . .│ . . . 14 . . .│ . . . 15 . . .│
└───────────────┴───────────────┴───────────────┴───────────────┴───────────────┴───────────────┴───────────────┴───────────────┘


Kerberos Ticket Options Decoded
┌───────────────┬───────────────┬───────────────┬───────────────┬───────────────┬───────────────┬───────────────┬───────────────┐
│ . . . 4 . . . │ . . . 0 . . . │ . . . 8 . . . │ . . . 1 . . . │ . . . 0 . . . │ . . . 0 . . . │ . . . 1 . . . │ . . . 0 . . . │
├───┬───┬───┬───┼───┬───┬───┬───┼───┬───┬───┬───┼───┬───┬───┬───┼───┬───┬───┬───┼───┬───┬───┬───┼───┬───┬───┬───┼───┬───┬───┬───┤
│ 0 │ 1 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 1 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 1 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 1 │ 0 │ 0 │ 0 │ 0 │
├───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┼───┤
│ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 0 │ 1 │ 1 │ 1 │ 1 │ 1 │ 1 │ 1 │ 1 │ 1 │ 1 │ 2 │ 2 │ 2 │ 2 │ 2 │ 2 │ 2 │ 2 │ 2 │ 2 │ 3 │ 3 │
│ 0 │ 1 │ 2 │ 3 │ 4 │ 5 │ 6 │ 7 │ 8 │ 9 │ 0 │ 1 │ 2 │ 3 │ 4 │ 5 │ 6 │ 7 │ 8 │ 9 │ 0 │ 1 │ 2 │ 3 │ 4 │ 5 │ 6 │ 7 │ 8 │ 9 │ 0 │ 1 │
└───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┴───┘


00 = reserved
01 = forwardable
02 = forwarded
03 = proxiable
04 = proxy
05 = allow-postdate
06 = postdated
07 = unused7
08 = renewable
09 = unused9
10 = unused10
11 = opt-hardware-auth
12 = unused12
13 = unused13
14 = request-anonymous
15 = canonicalize
16 = unused16
17 = unused17
18 = unused18
19 = unused19
20 = unused20
21 = unused21
22 = unused22
23 = unused23
24 = constrained-delegation
25 = unused25
26 = disable-transited-check
27 = renewable-ok
28 = enc-tkt-in-skey
29 = unused29
30 = renew
31 = validate
Post #8490
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 2:07am