Different behaviour of mod_auth_kerb depending on kerberos stack

Simo Sorce ssorce at redhat.com
Wed Oct 20 08:30:34 EDT 2010


On Tue, 19 Oct 2010 16:18:10 -0700
Russ Allbery <rra at stanford.edu> wrote:

> Heimdal is doing that check, but it's apparently smart enough to ask
> your KDC and resolve the alias first, so it finds the right principal.

Or maybe it just tries all the keys regardless of their principal name,
and if one succedes in decrypting the payload it just uses it.
It is probably much faster this way.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the Kerberos mailing list