Baseline authz data criticality in MIT krb5?

Sam Hartman hartmans at MIT.EDU
Mon Feb 18 16:42:00 EST 2002

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas>  From what I can see there is no check for critical
    Nicolas> authorization data in the baseline rd_req() functions in
    Nicolas> the MIT krb5 distro. There ought to be. This means adding
    Nicolas> code to check for AD-IF-RELEVANT and friends at the very
    Nicolas> least and causing rd_req() to return an error if any
    Nicolas> critical authz data elements are present that are also
    Nicolas> not understood by MIT krb5.

Yeah, didn't we talk about this Tuesday in the SIPB office?

More information about the krbdev mailing list