KERB_TICKET_CACHE_INFO structure (ntsecapi.h)
The KERB_TICKET_CACHE_INFO structure contains information about a cached Kerberos ticket. The Kerberos ticket is defined in Internet RFC 4120. For more information, see http://www.ietf.org.
It can be used both for retrieving tickets and querying the ticket cache. The KERB_QUERY_TKT_CACHE_RESPONSE structure uses this structure.
Syntax
```c
typedef struct _KERB_TICKET_CACHE_INFO {
  UNICODE_STRING ServerName;
  UNICODE_STRING RealmName;
  LARGE_INTEGER  StartTime;
  LARGE_INTEGER  EndTime;
  LARGE_INTEGER  RenewTime;
  LONG           EncryptionType;
  ULONG          TicketFlags;
} KERB_TICKET_CACHE_INFO, *PKERB_TICKET_CACHE_INFO;
```
Members
ServerName
A UNICODE_STRING that contains the name of the server the ticket applies to. This name is combined with the RealmName value to create the full name ServerName@RealmName.
RealmName
A UNICODE_STRING that contains the name of the realm the ticket applies to.
StartTime
A FILETIME structure that contains the time at which the ticket becomes valid. If the starttime member of the ticket is not set, this value defaults to the time when the ticket was initially authenticated, authtime. The starttime member of a ticket is optional.
EndTime
A FILETIME structure that contains the time when the ticket expires.
RenewTime
If KERB_TICKET_FLAGS_renewable is set in TicketFlags, this member is a FILETIME structure that contains the time beyond which the ticket cannot be renewed.
EncryptionType
The type of encryption used in the ticket.
TicketFlags
The ticket flags, as defined in Internet RFC 4120. These flags can be one or more of the following values.
Value | Meaning |
---|---|
| | The ticket-granting server can issue a new ticket-granting ticket with a different network address based on the presented ticket. |
| | The ticket has either been forwarded or was issued based on authentication that involved a forwarded ticket-granting ticket. |
| | The protocol employed for initial authentication required the use of hardware expected to be possessed solely by the named client. The hardware authentication method is selected by the KDC and the strength of the method is not indicated. |
| | The ticket was issued by using the Authentication Service protocol instead of being based on a ticket-granting ticket. |
| | The ticket is not valid. |
| | Indicates to the ticket-granting server that a postdated ticket can be issued based on this ticket-granting ticket. |
| | The target of the ticket is trusted by the directory service for delegation. Thus, clients may delegate their credentials to the server, which lets the server act as the client when talking to other services. |
| | The ticket has been postdated. The end-service can check the ticket's authtime member to see when the original authentication occurred. |
| | During initial authentication, the client was authenticated by the Key Distribution Center (KDC) before a ticket was issued. The strength of the preauthentication method is not indicated, but is acceptable to the KDC. |
| | Indicates to the ticket-granting server that only nonticket-granting tickets can be issued based on this ticket, but with different network addresses. |
| | The ticket is a proxy. |
| | The ticket is renewable. If this flag is set, the time limit for renewing the ticket is set in RenewTime. A renewable ticket can be used to obtain a replacement ticket that expires at a later date. |
| | Reserved for future use. Do not set this flag. |
| | Reserved. |
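The following portable C example is added here and is not from the original page or from Microsoft. It shows how a tool that audits the ticket cache can decode TicketFlags, convert the FILETIME members, and honor RenewTime only when the renewable flag is set. Assumptions: `cache_info`, `decode_flags`, `filetime_to_unix` and `renew_seconds_left` are hypothetical names, the bit values are those of the KERB_TICKET_FLAGS_* constants in ntsecapi.h, and the sample ticket is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* KERB_TICKET_FLAGS_* bit values as defined in ntsecapi.h (RFC 4120 order). */
static const struct { uint32_t bit; const char *name; } kFlags[] = {
    {0x40000000u, "forwardable"},  {0x20000000u, "forwarded"},
    {0x10000000u, "proxiable"},    {0x08000000u, "proxy"},
    {0x04000000u, "may_postdate"}, {0x02000000u, "postdated"},
    {0x01000000u, "invalid"},      {0x00800000u, "renewable"},
    {0x00400000u, "initial"},      {0x00200000u, "pre_authent"},
    {0x00100000u, "hw_authent"},   {0x00040000u, "ok_as_delegate"},
};
/* Hypothetical stand-in for the fixed-size members of KERB_TICKET_CACHE_INFO. */
typedef struct {
    int64_t  StartTime, EndTime, RenewTime; /* LARGE_INTEGER.QuadPart, FILETIME ticks */
    uint32_t TicketFlags;
} cache_info;
/* FILETIME counts 100 ns ticks since 1601-01-01 UTC; convert to Unix seconds. */
int64_t filetime_to_unix(int64_t ft) { return ft / 10000000 - 11644473600LL; }

/* Write flag names to out (128 bytes holds all); return bits not in the table. */
uint32_t decode_flags(uint32_t flags, char *out, size_t cap) {
    size_t used = 0;
    if (cap) out[0] = '\0';
    for (size_t i = 0; i < sizeof kFlags / sizeof kFlags[0]; i++) {
        if (!(flags & kFlags[i].bit)) continue;
        flags &= ~kFlags[i].bit;
        if (used + strlen(kFlags[i].name) + 2 > cap) continue; /* no room: skip name */
        used += (size_t)snprintf(out + used, cap - used, "%s%s", used ? " " : "", kFlags[i].name);
    }
    return flags;
}

/* Renewal seconds left; 0 if not renewable, invalid, or outside [StartTime, EndTime). */
int64_t renew_seconds_left(const cache_info *t, int64_t now) {
    if (!(t->TicketFlags & 0x00800000u) || (t->TicketFlags & 0x01000000u)) return 0;
    if (now < t->StartTime || now >= t->EndTime || now >= t->RenewTime) return 0;
    return (t->RenewTime - now) / 10000000;
}

int main(void) {
    /* Constructed sample: starts 2024-01-01 00:00 UTC, 10 h lifetime, 7 d renew limit. */
    cache_info t = {133485408000000000LL, 133485768000000000LL, 133491456000000000LL, 0x40e10000u};
    char names[128];
    uint32_t rest = decode_flags(t.TicketFlags, names, sizeof names);
    printf("%s | unlisted 0x%08x | start %lld | renew left %lld s\n", names, (unsigned)rest,
           (long long)filetime_to_unix(t.StartTime), (long long)renew_seconds_left(&t, t.StartTime));
    return 0;
}
```

The sample flags value sets one bit that the table above does not describe; `decode_flags` returns it so that a caller can log it.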
Requirements
Requirement | Value |
---|---|
Minimum supported client | Windows XP [desktop apps only] |
Minimum supported server | Windows Server 2003 [desktop apps only] |
Header | ntsecapi.h |