/* Note that make_application_request might have to */ /* recursivly call this routine to get the appropriate */ /* ticket-granting ticket */ request.pvno := protocol version; /* pvno = 5 */ request.msg-type := message type; /* type = KRB_TGS_REQ */ body.kdc-options := users's preferences; /* If the TGT is not for the realm of the end-server */ /* then the sname will be for a TGT for the end-realm */ /* and the realm of the requested ticket (body.realm) */ /* will be that of the TGS to which the TGT we are */ /* sending applies */ body.sname := service's name; body.realm := service's realm; if (body.kdc-options.POSTDATED is set) then body.from := requested starting time; else omit body.from; endif body.till := requested end time; if (body.kdc-options.RENEWABLE is set) then body.rtime := requested final renewal time; endif body.nonce := random_nonce(); body.etype := requested etypes; if (user supplied addresses) then body.addresses := user's addresses; else omit body.addresses; endif body.enc-authorization-data := user-supplied data; if (body.kdc-options.ENC-TKT-IN-SKEY) then body.additional-tickets_ticket := second TGT; endif request.req-body := body; check := generate_checksum (req.body,checksumtype); request.padata[0].padata-type := PA-TGS-REQ; request.padata[0].padata-value := create a KRB_AP_REQ using the TGT and checksum /* add in any other padata as required/supplied */ kerberos := lookup(name of local kerberose server (or servers)); send(packet,kerberos); wait(for response); if (timed_out) then retry or use alternate server; endif