questions about pre-auth
Sam Hartman
hartmans at MIT.EDU
Thu Jun 10 15:00:06 EDT 2004
>>>>> "Pierre" == Pierre Goyette <pierre at montreal.hcl.com> writes:
Pierre> Jeff, I was taking some network traces an noticed that the
Pierre> client (even 2.6.3) always first makes a basic AS-REQ and
Pierre> then if it fails with a PREAUTH_REQUIRED, then makes a new
Pierre> attempt with the preauthentication data.
Pierre> Is there an option in the Windows client so that the
Pierre> client always includes the preauthenication data in the
Pierre> first AS-REQ ?
There is an API for this but it is not exposed through the UI. As
Kerberos evolves this will become less and less useful because the
proper preauth to use will be less obvious and because the client is
more likely to need information from the server in order to construct
the first request.
More information about the Kerberos
mailing list