Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

3.1.5.2.2 Receives Referral

If Service 1 receives a referral ([Referrals] section 8) and does not have its own service ticket for Service 2, then Service 1 SHOULD obtain a service ticket for Service 2.<14>

The SFU client SHOULD send a KRB_TGS_REQ for the user to each referral Key Distribution Center (KDC) until it receives a referral ticket-granting ticket (TGT) for Service 2’s realm. Because the SFU client already has a service ticket for Service 2 (that is, the service ticket obtained by Service 1 for itself), it has the name of Service 2’s realm. The SFU client SHOULD send a KRB_TGS_REQ with the S4U2proxy extensions using the Service 1’s referral TGT:

  • kdc-options field: MUST include the new cname-in-addl-tkt options flag.

  • additional-tickets field: The user's referral TGT.

  • sname and realm fields: The name and realm of Service 2.

Show:
© 2016 Microsoft