[20438] in Kerberos_V5_Development
AS-REQ service tickets
daemon@ATHENA.MIT.EDU (John Wray)
Wed Aug 16 18:23:13 2023
From: John Wray <jwray@us.ibm.com>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Date: Wed, 16 Aug 2023 22:22:01 +0000
Message-ID: <SA0PR15MB3838BD46D7BABB7BC9C7C1CD8C15A@SA0PR15MB3838.namprd15.prod.outlook.com>
I believe it should be possible to obtain a service ticket to a server within the local realm directly using an AS-REQ from krb5_get_init_creds_keytab()/password() by specifying the target server name instead of the TGS in the in_tkt_service parameter.
Has anyone noticed any change in tickets obtained this way from Microsoft Domain Controllers after a recent security update? None of the CVEs mentioned seem to relate to this KDC behavior.
John
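One way to confirm that a service ticket came straight from the AS exchange rather than from a TGS-REQ is to look for the INITIAL flag (RFC 4120), which `klist -f` prints as `I`. The following is an added example, not part of the original message and not MIT krb5 code; it assumes the usual MIT `klist -f` layout, and the cache listing and principal names in it are constructed.

```python
import re

# Constructed sample of MIT `klist -f` output (not captured from a real cache).
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting       Expires              Service principal
08/16/2023 18:00:00  08/17/2023 04:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
\trenew until 08/23/2023 18:00:00, Flags: FRIA
08/16/2023 18:05:00  08/17/2023 04:00:00  host/app1.example.com@EXAMPLE.COM
\tFlags: IA
08/16/2023 18:06:00  08/17/2023 04:00:00  HTTP/web.example.com@EXAMPLE.COM
\tFlags: FRA
"""

# A ticket line is: start date, start time, end date, end time, principal.
TICKET_RE = re.compile(r"^\d\S*\s+\S+\s+\S+\s+\S+\s+(\S+@\S+)\s*$")
# The flags appear on the indented line that follows each ticket.
FLAGS_RE = re.compile(r"Flags:\s*([A-Za-z]+)")


def parse_tickets(text):
    """Return a list of (service_principal, flags) pairs from klist -f output."""
    tickets = []
    for line in text.splitlines():
        m = TICKET_RE.match(line)
        if m:
            tickets.append([m.group(1), ""])
            continue
        f = FLAGS_RE.search(line)
        if f and tickets:
            tickets[-1][1] = f.group(1)
    return [tuple(t) for t in tickets]


def is_tgt(principal):
    """True for krbtgt/REALM@REALM principals (the ticket-granting service)."""
    return principal.split("@", 1)[0].split("/", 1)[0] == "krbtgt"


def as_issued_service_tickets(text):
    """Service tickets with the INITIAL flag, i.e. issued by the AS exchange."""
    # Upper-case 'I' is INITIAL; lower-case 'i' means invalid and is ignored.
    return [p for p, flags in parse_tickets(text)
            if "I" in flags and not is_tgt(p)]


if __name__ == "__main__":
    for principal in as_issued_service_tickets(SAMPLE_KLIST):
        print("AS-issued service ticket:", principal)
```

Running the same check on caches filled before and after a KDC update shows whether the KDC still issues such tickets with the INITIAL flag set.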