On 11/05/2018 02:36 PM, Mantas Mikulėnas wrote:
> Sure, that's how the process of obtaining a TGT works in the first 
> place. You send an AS-REQ packet with proof of password knowledge, you 
> get an AS-REP with the TGT ticket back.

Thank you for confirming that such is possible.

> Not sure what part of the 'login' process you're referring to.

Vaguely ... /bin/login or the login prompt from SSH (which I /think/ is 
independent of /bin/login.)

>   * Credential verification? That's part of obtaining a TGT. You don't 
> need a ticket to obtain the TGT – instead you submit proof that you know 
> the password.
> 
>   * Retrieval of directory information (uid, gid, homedir)? The login 
> process either uses its own "machine" credentials to do so, or just 
> retrieves the information anonymously, depending on sysadmin's 
> preference. (Or in the case of AD it's already stapled to the TGT to 
> speed everything up.)

Thank you for explaining.

> Yes, that's exactly what happens. However, probably not for all of the 
> same reasons as you imagine.

ACK



-- 
Grant. . . .
unix || die