2.1. Initial, Pre-authenticated, and Hardware-Authenticated Tickets

INITIAL Flag

The INITIAL flag indicates that a ticket was issued using the AS protocol, rather than issued based on a TGT.

Usage

Application servers that want to require the demonstrated knowledge of a client's secret key (e.g., a password-changing program) can:

  • Insist that this flag be set in any tickets they accept
  • Thereby be assured that the client's key was recently presented to the authentication server

PRE-AUTHENT and HW-AUTHENT Flags

These flags provide additional information about the initial authentication, regardless of whether the current ticket was:

  • Issued directly, in which case INITIAL will also be set
  • Issued on the basis of a TGT, in which case the INITIAL flag is clear, but the PRE-AUTHENT and HW-AUTHENT flags are carried forward from the TGT
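
The following is an added example, not part of the original text, showing how an application server such as a password-changing service could enforce these flags. It assumes the 32-bit TicketFlags field has already been extracted from the decrypted ticket; the bit numbers come from the TicketFlags definition in RFC 4120 Section 5.3, and check_ticket and the sample values are hypothetical.

```python
# Added example: bit numbers come from the TicketFlags definition in RFC 4120
# Section 5.3 (bit 0 is the most significant bit of the 32-bit field).
FLAG_BITS = {"INITIAL": 9, "PRE-AUTHENT": 10, "HW-AUTHENT": 11}


def decode_flags(raw: bytes) -> set:
    """Return the names of the authentication flags set in a TicketFlags field."""
    if len(raw) < 4:
        raise ValueError("TicketFlags must be at least 32 bits")
    value = int.from_bytes(raw[:4], "big")
    return {name for name, bit in FLAG_BITS.items() if value & (1 << (31 - bit))}


def check_ticket(raw: bytes, require_initial=True, require_preauth=False,
                 require_hw=False):
    """Hypothetical service policy: return (accepted, reason)."""
    flags = decode_flags(raw)
    if require_initial and "INITIAL" not in flags:
        return False, "ticket was issued from a TGT, not by the AS exchange"
    if require_preauth and "PRE-AUTHENT" not in flags:
        return False, "initial authentication was not pre-authenticated"
    if require_hw and "HW-AUTHENT" not in flags:
        return False, "initial authentication did not use hardware"
    return True, "ok"


# Constructed sample flag fields (not captured from real tickets).
AS_ISSUED = bytes.fromhex("00600000")    # INITIAL + PRE-AUTHENT
TGS_ISSUED = bytes.fromhex("00200000")   # PRE-AUTHENT carried forward, INITIAL clear
HW_VIA_TGT = bytes.fromhex("00300000")   # PRE-AUTHENT + HW-AUTHENT, INITIAL clear

if __name__ == "__main__":
    for label, raw in [("AS-issued", AS_ISSUED), ("TGS-issued", TGS_ISSUED),
                       ("HW via TGT", HW_VIA_TGT)]:
        print(label, sorted(decode_flags(raw)), check_ticket(raw))
```

A service that only cares how the user originally authenticated can pass require_initial=False and still rely on PRE-AUTHENT or HW-AUTHENT, since those flags survive issuance from a TGT.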