disallow requests naming principal as a service
hartmans at MIT.EDU
Tue Mar 26 18:14:00 EST 2002
>>>>> "John" == John Brezak <jbrezak at windows.microsoft.com> writes:
John> Since the response is not authenticated, the client should
John> not wholely depend on the KDC to guide its action.
John> Ultimately, the client's policy should determine what action
John> to take when the KDC is not able to provide a ticket for the
John> requested service. However, it would become very
John> inefficient for the client to always try user2user if the
John> KDC failed to return a service ticket.
My argument is that you shouldn't design a protocol that requires the
client to depend on the KDC. By the time the client asks for a
Kerberos ticket it should already be committed to the non-u2u or U2U
In the case of SASL or GSSAPI applications, the server should offer
the normal krb5 mechanism only when it has a service key, and a U2U
mechanism only when it has a TGT.
More information about the krbdev