>Never mind. I assume the flags is inside the ticket. Yeah, exactly. The KDC sets the flags, so you can trust their validity.
The one big issue is that if you're programming the GSSAPI, there's not a standardized GSSAPI function you can call to retrieve those flags, which is unfortunate; for MIT Kerberos, there is a function called gss_krb5_get_ticket_flags() you can use and it looks like the same thing exists for Heimdal. --Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
