disallow requests naming principal as a service

Sam Hartman hartmans at MIT.EDU
Tue Mar 26 18:00:00 EST 2002

>>>>> "Moore," == Moore, Patrick <pcmoore at sandia.gov> writes:

    Moore,> With this suggested fix, my client would need to try a U2U
    Moore,> handshake upon getting a PRINC_UNKNOWN error from the MIT
    Moore,> KDC.  Not streamlined - but functional enough. Long term,
    Moore,> I'd prefer using KDC_ERR_MUST_USE_USER2USER and report
    Moore,> that back to the client when you see that DUP_SKEY is
    Moore,> allowed but SVR is not.

You should not design protocols in such a manner that you need KDC
responses in order to determine whether you're going to use U2U or
not.  This was one of the more annoying features of the GSSAPI U2U

More information about the krbdev mailing list