Grant Taylor gtaylor at tnetconsulting.net
Tue Nov 6 09:12:43 AEST 2018

On 11/05/2018 02:36 PM, Mantas Mikulėnas wrote:
> Sure, that's how the process of obtaining a TGT works in the first 
> place. You send an AS-REQ packet with proof of password knowledge, you 
> get an AS-REP with the TGT ticket back.

Thank you for confirming that such is possible.

> Not sure what part of the 'login' process you're referring to.

Vaguely ... /bin/login or the login prompt from SSH (which I /think/ is 
independent of /bin/login.)

>   * Credential verification? That's part of obtaining a TGT. You don't 
> need a ticket to obtain the TGT – instead you submit proof that you know 
> the password.
>   * Retrieval of directory information (uid, gid, homedir)? The login 
> process either uses its own "machine" credentials to do so, or just 
> retrieves the information anonymously, depending on sysadmin's 
> preference. (Or in the case of AD it's already stapled to the TGT to 
> speed everything up.)

Thank you for explaining.

> Yes, that's exactly what happens. However, probably not for all of the 
> same reasons as you imagine.


Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://minnie.tuhs.org/pipermail/tuhs/attachments/20181105/dd6bd6b9/attachment.bin>

More information about the TUHS mailing list