threading best practices?

Luke Howard lukeh at padl.com
Sat Jul 23 07:02:56 EDT 2011


On 23/07/2011, at 12:22 AM, Nico Williams wrote:

> On Fri, Jul 22, 2011 at 7:04 PM, Greg Hudson <ghudson at mit.edu> wrote:
>> On Fri, 2011-07-22 at 18:10 -0400, Nico Williams wrote:
>>> Why are you not using the GSS-API?
>> 
>> Chris started out by asking about user-to-user auth, so I didn't
>> redirect him to GSSAPI since, as far as I know, GSSAPI doesn't have a
>> story there (for the krb5 mech, at least).
> 
> Indeed, the krb5 mech has no story here.  I'm thinking we should have
> the initiator send a bogus AP-REQ with a new auth-options flag.  If
> the server understands it it would respond with a KRB-ERROR with the
> TGT in the e-data, else with a plain KRB-ERROR.

Hasn't draft-swift-win2k-krb-user2user-03 been shipping since Windows 2000?

-- Luke




More information about the Kerberos mailing list