Multiple domain referral patch and Kerberos 1.31

Kevin Coffman kwc at citi.umich.edu
Wed Sep 24 15:31:38 EDT 2003


No referral is issued unless the client sets the KDC_OPT_NAME_CANONICALI
ZE option flag in the TGS request.  So a client should never get a 
referral that is unexpected.

I'm not sure about the cross-realm interaction since no MIT client ever 
sets the flag.

K.C.


> Concerns I'd have--and note that these are simply concerns I'd have
> before integrating the patch.  The Kerberos working group has decided
> this is the direction we're going in.
> 
> How do MIT clients deal with getting a referal they are not expecting?
> 
> How does this interact with the client-side cross-realm logic in MIT
> clients?
> 
> 




More information about the Kerberos mailing list