Architectural Question ...
Tony Cowan
ttcowan at us.ibm.com
Thu Feb 6 11:08:57 EST 2003
Hi Jacques,
Thanks for this info.
I'm not familiar with the releases ... is the Heimdal GSSAPI library
something from which many others were derived?
I'm using a java JGSS implementation.
Thanks for your time.
Tc.
Tony Cowan - IBM SWG Services. (ttcowan at us.ibm.com)
Phone: (206) 675 0095 Cell: (206) 280 6942
There is no tomorrow. Only a succession of todays. Don't wait too long to
figure that out.
|---------+---------------------------->
| | "Jacques A. |
| | Vidrine" |
| | <nectar at celabo.or|
| | g> |
| | |
| | 02/06/2003 07:36 |
| | AM |
| | |
|---------+---------------------------->
>---------------------------------------------------------------------------------------------------------------------------------------------|
| |
| To: Tony Cowan/Pittsburgh/IBM at IBMUS |
| cc: kerberos at mit.edu |
| Subject: Re: Architectural Question ... |
| |
>---------------------------------------------------------------------------------------------------------------------------------------------|
On Thu, Feb 06, 2003 at 06:03:30AM -0800, Tony Cowan wrote:
> > No, that's the beauty of Kerberos.
>
> Thanks Luke.
> Someone tells me they've been sniffing and found that one particular
> implementation does in fact hit the KDC to validate the ticket.
> I wonder if it's actually hitting the KDC for some other purpose.
Another possibility: There was a bug in the Heimdal GSSAPI library
previous to version 0.4f where gss_acquire_cred(..., GSS_C_ACCEPT,
...) would do a useless AS exchange (using its keytab).
Cheers,
--
Jacques A. Vidrine <nectar at celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine at verio.net . nectar at FreeBSD.org . nectar at kth.se
More information about the Kerberos
mailing list