request.pvno := protocol version; /* pvno = 5 */ request.msg-type := message type; /* type = KRB_AS_REQ */ if(pa_enc_timestamp_required) then request.padata.padata-type = PA-ENC-TIMESTAMP; get system_time; padata-body.patimestamp,pausec = system_time; encrypt padata-body into request.padata.padata-value using client.key; /* derived from password */ endif body.kdc-options := users's preferences; body.cname := user's name; body.realm := user's realm; body.sname := service's name; /* usually "krbtgt", "localrealm" */ if (body.kdc-options.POSTDATED is set) then body.from := requested starting time; else omit body.from; endif body.till := requested end time; if (body.kdc-options.RENEWABLE is set) then body.rtime := requested final renewal time; endif body.nonce := random_nonce(); body.etype := requested etypes; if (user supplied addresses) then body.addresses := user's addresses; else omit body.addresses; endif omit body.enc-authorization-data; request.req-body := body; kerberos := lookup(name of local kerberos server (or servers)); send(packet,kerberos); wait(for response); if (timed_out) then retry or use alternate server; endif