Multiple domain referral patch and Kerberos 1.31
Kevin Coffman
kwc at citi.umich.edu
Wed Sep 24 15:31:38 EDT 2003
No referral is issued unless the client sets the KDC_OPT_NAME_CANONICALI
ZE option flag in the TGS request. So a client should never get a
referral that is unexpected.
I'm not sure about the cross-realm interaction since no MIT client ever
sets the flag.
K.C.
> Concerns I'd have--and note that these are simply concerns I'd have
> before integrating the patch. The Kerberos working group has decided
> this is the direction we're going in.
>
> How do MIT clients deal with getting a referal they are not expecting?
>
> How does this interact with the client-side cross-realm logic in MIT
> clients?
>
>
More information about the Kerberos
mailing list