invoke KRB_TGS; /* obtain tickets to be provided to peer */ /* assemble packet: */ packet.pvno := protocol version; /* 5 */ packet.msg-type := message type; /* KRB_CRED */ for (tickets[n] in tickets to be forwarded) do packet.tickets[n] = tickets[n].ticket; done packet.enc-part.etype := encryption type; for (ticket[n] in tickets to be forwarded) do body.ticket-info[n].key = tickets[n].session; body.ticket-info[n].prealm = tickets[n].crealm; body.ticket-info[n].pname = tickets[n].cname; body.ticket-info[n].flags = tickets[n].flags; body.ticket-info[n].authtime = tickets[n].authtime; body.ticket-info[n].starttime = tickets[n].starttime; body.ticket-info[n].endtime = tickets[n].endtime; body.ticket-info[n].renew-till = tickets[n].renew-till; body.ticket-info[n].srealm = tickets[n].srealm; body.ticket-info[n].sname = tickets[n].sname; body.ticket-info[n].caddr = tickets[n].caddr; done get system_time; body.timestamp, body.usec := system_time; if (using nonce) then body.nonce := nonce; endif if (using s-address) then body.s-address := sender host addresses; endif if (limited recipients) then body.r-address := recipient host address; endif encode body into OCTET STRING; select encryption type; encrypt OCTET STRING into packet.enc-part.cipher using negotiated encryption key;