configure Kerberos client to always send (timestamp) preauthentication

Sam Hartman hartmans at MIT.EDU
Mon Feb 3 09:30:36 EST 2003

>>>>> "Wood," == Wood, Justin S <Justin.S.Wood at> writes:
    Wood,> Perhaps I've missed the point, but should it not be
    Wood,> possible to configure the client to always send preauth,
    Wood,> and hence remove the initial redundant protocol
    Wood,> interaction?

I believe that current APIs allow this, but kinit does not currently
implement that feature.

In future, it will be less useful as the client will need more
information from the KDC to make a correct guess about what preauth or
encryption types to use.

So you should not expect to see anyone actually exposing this support
in kinit.

More information about the Kerberos mailing list