Different behaviour of mod_auth_kerb depending on kerberos stack
Russ Allbery
rra at stanford.edu
Wed Oct 20 13:19:01 EDT 2010
Simo Sorce <ssorce at redhat.com> writes:
> Russ Allbery <rra at stanford.edu> wrote:
>> Heimdal is doing that check, but it's apparently smart enough to ask
>> your KDC and resolve the alias first, so it finds the right principal.
> Or maybe it just tries all the keys regardless of their principal name,
> and if one succedes in decrypting the payload it just uses it.
> It is probably much faster this way.
Oh, good point. You're right, that would be a lot more efficient, and I
don't see any obvious drawback.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list