Skip to main content

2.2. Invalid Tickets

INVALID Flag

The INVALID flag indicates that a ticket is invalid.

Requirements

Application servers MUST reject tickets that have this flag set
A postdated ticket will be issued in this form
Invalid tickets MUST be validated by the KDC before use

Validation Process

Invalid tickets must be validated by being presented to the KDC in a TGS request with the VALIDATE option specified.

Validation Rules

The KDC will only validate tickets after their starttime has passed
The validation is required so that postdated tickets stolen before their starttime can be rendered permanently invalid through a hot-list mechanism (see Section 3.3.3.1)

INVALID Flag
Requirements
Validation Process
- Validation Rules