Forum

Ultimate Windows Security Forum » Security Log » 4769 - A Kerberos service ticket was... » Ticket Options RFC 4120 5.4.1

Ticket Options RFC 4120 5.4.1

Rate Topic

Display Mode

Topic Options

Author

Message

Romans6

Posted 3/31/2015 2:26:18 PM

Forum Newbie

Group: Forum Members
Last Login: 3/31/2015 3:48:42 PM
Posts: 5, Visits: 2

RFC 4120
https://www.ietf.org/rfc/rfc4120.txt

5.4.1

KDCOptions ::= KerberosFlags
-- reserved(0),
-- forwardable(1),
-- forwarded(2),
-- proxiable(3),
-- proxy(4),
-- allow-postdate(5),
-- postdated(6),
-- unused7(7),
-- renewable(8),
-- unused9(9),
-- unused10(10),
-- opt-hardware-auth(11),
-- unused12(12),
-- unused13(13),
-- 15 is reserved for canonicalize
-- unused15(15),
-- 26 was unused in 1510
-- disable-transited-check(26),
-- renewable-ok(27),
-- enc-tkt-in-skey(28),
-- renew(30),
-- validate(31)

My .pcap examples.

kdc-options: 40810010 (forwardable, renewable, canonicalize, renewable-ok)
0... .... = reserved: False
.1.. .... = forwardable: True
..0. .... = forwarded: False
...0 .... = proxiable: False
.... 0... = proxy: False
.... .0.. = allow-postdate: False
.... ..0. = postdated: False
.... ...0 = unused7: False
1... .... = renewable: True
.0.. .... = unused9: False
..0. .... = unused10: False
...0 .... = opt-hardware-auth: False
.... ..0. = request-anonymous: False
.... ...1 = canonicalize: True
0... .... = constrained-delegation: False
..0. .... = disable-transited-check: False
...1 .... = renewable-ok: True
.... 0... = enc-tkt-in-skey: False
.... ..0. = renew: False
.... ...0 = validate: False

kdc-options: 40810000 (forwardable, renewable, canonicalize)
0... .... = reserved: False
.1.. .... = forwardable: True
..0. .... = forwarded: False
...0 .... = proxiable: False
.... 0... = proxy: False
.... .0.. = allow-postdate: False
.... ..0. = postdated: False
.... ...0 = unused7: False
1... .... = renewable: True
.0.. .... = unused9: False
..0. .... = unused10: False
...0 .... = opt-hardware-auth: False
.... ..0. = request-anonymous: False
.... ...1 = canonicalize: True
0... .... = constrained-delegation: False
..0. .... = disable-transited-check: False
...0 .... = renewable-ok: False
.... 0... = enc-tkt-in-skey: False
.... ..0. = renew: False
.... ...0 = validate: False

Post #2972

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 7:24pm

Upcoming Webinars

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.