threading best practices?
Luke Howard
lukeh at padl.com
Sat Jul 23 07:02:56 EDT 2011
On 23/07/2011, at 12:22 AM, Nico Williams wrote:
> On Fri, Jul 22, 2011 at 7:04 PM, Greg Hudson <ghudson at mit.edu> wrote:
>> On Fri, 2011-07-22 at 18:10 -0400, Nico Williams wrote:
>>> Why are you not using the GSS-API?
>>
>> Chris started out by asking about user-to-user auth, so I didn't
>> redirect him to GSSAPI since, as far as I know, GSSAPI doesn't have a
>> story there (for the krb5 mech, at least).
>
> Indeed, the krb5 mech has no story here. I'm thinking we should have
> the initiator send a bogus AP-REQ with a new auth-options flag. If
> the server understands it it would respond with a KRB-ERROR with the
> TGT in the e-data, else with a plain KRB-ERROR.
Hasn't draft-swift-win2k-krb-user2user-03 been shipping since Windows 2000?
-- Luke
More information about the Kerberos
mailing list