Connected: An Internet Encyclopedia
3.6.1. Generation of a KRB_CRED message

Up: Connected: An Internet Encyclopedia
Up: Requests For Comments
Up: RFC 1510
Up: 3. Message Exchanges
Up: 3.6. The KRB_CRED Exchange
Prev: 3.6. The KRB_CRED Exchange
Next: 3.6.2. Receipt of KRB_CRED message

3.6.1. Generation of a KRB_CRED message

3.6.1. Generation of a KRB_CRED message

When an application wishes to send a KRB_CRED message it first (using the KRB_TGS exchange) obtains credentials to be sent to the remote host. It then constructs a KRB_CRED message using the ticket or tickets so obtained, placing the session key needed to use each ticket in the key field of the corresponding KrbCredInfo sequence of the encrypted part of the the KRB_CRED message.

Other information associated with each ticket and obtained during the KRB_TGS exchange is also placed in the corresponding KrbCredInfo sequence in the encrypted part of the KRB_CRED message. The current time and, if specifically required by the application the nonce, s- address, and raddress fields, are placed in the encrypted part of the KRB_CRED message which is then encrypted under an encryption key previosuly exchanged in the KRB_AP exchange (usually the last key negotiated via subkeys, or the session key if no negotiation has occured).


Next: 3.6.2. Receipt of KRB_CRED message

Connected: An Internet Encyclopedia
3.6.1. Generation of a KRB_CRED message