Different behaviour of mod_auth_kerb depending on kerberos stack

[Simo Sorce]

On Tue, 19 Oct 2010 16:18:10 -0700
Russ Allbery <rra at stanford.edu> wrote:

> Heimdal is doing that check, but it's apparently smart enough to ask
> your KDC and resolve the alias first, so it finds the right principal.

Or maybe it just tries all the keys regardless of their principal name,
and if one succedes in decrypting the payload it just uses it.
It is probably much faster this way.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York