Multiple domain referral patch and Kerberos 1.31

Sam Hartman hartmans at MIT.EDU
Wed Sep 24 20:08:30 EDT 2003


>>>>> "Kevin" == Kevin Coffman <kwc at citi.umich.edu> writes:

    Kevin> No referral is issued unless the client sets the
    Kevin> KDC_OPT_NAME_CANONICALI ZE option flag in the TGS request.
    Kevin> So a client should never get a referral that is unexpected.

Ah, so this doesn't implement the closest domain referal for krbtgt
described in RFC 1510?

I would sort of have assumed you'd do that if you were implementing
the Microsoft option.



More information about the Kerberos mailing list