Client Referral Support

Srinivas Cheruku srinivas.cheruku at gmail.com
Mon Nov 24 05:19:00 EST 2008


Hi Jeffrey Altman,

From your reply to the email with subject "Question about dns_lookup_realm and
domain_realm":

> >
> > Do we have information on which clients support referrals ?
> > And are they implemented in MIT KDC (and how) ?
> >
> Heimdal, MIT, and Microsoft support referrals as implemented in Windows
> Active Directory.
> The IETF Kerberos working group is still working on an RFC for
> referrals.
> 
> http://www.ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-10.txt
> 
> Jeffrey Altman


I don't see principal name type NT-ENTERPRISE or Kerberos error code
KDC_ERR_WRONG_REALM supported by the MIT krb5-1.6.3 code. Does this mean that
Client Referrals (e.g. trying to authenticate and get a TGT using an email ID
that is unique across the organization and not the actual client principal name)
are not supported by MIT?

But I see KRB5_PADATA_REFERRAL (I assume it is the same as PA-SERVER-REFERRAL=25
from draft-ietf-krb-wg-kerberos-referrals-10), which is used in the code:
#define KRB5_PADATA_REFERRAL		25 /* draft referral system */

Does this mean only Server Referrals are supported by MIT code and not
Client Referrals?

Are any clients other than MS supporting Client Referrals at the moment?
 
Thanks,
Srini




