6 Nov
2018
6 Nov
'18
12:12 a.m.
On 11/05/2018 02:36 PM, Mantas Mikulėnas wrote:
Sure, that's how the process of obtaining a TGT
works in the first
place. You send an AS-REQ packet with proof of password knowledge, you
get an AS-REP with the TGT ticket back.
Thank you for confirming that such is possible.
Not sure what part of the 'login' process
you're referring to.
Vaguely ... /bin/login or the login prompt from SSH (which I /think/ is
independent of /bin/login.)
* Credential verification? That's part of
obtaining a TGT. You don't
need a ticket to obtain the TGT – instead you submit proof that you know
the password.
* Retrieval of directory information (uid, gid, homedir)? The login
process either uses its own "machine" credentials to do so, or just
retrieves the information anonymously, depending on sysadmin's
preference. (Or in the case of AD it's already stapled to the TGT to
speed everything up.)
Thank you for explaining.
Yes, that's exactly what happens. However,
probably not for all of the
same reasons as you imagine.
ACK
--
Grant. . . .
unix || die