disallow requests naming principal as a service
Sam Hartman
hartmans at MIT.EDU
Tue Mar 26 19:52:00 EST 2002
>>>>> "Moore," == Moore, Patrick <pcmoore at sandia.gov> writes:
Moore,> It's not required by our globus application, nor by U2U
Moore,> draft. We use it if we get it, (and we get it today from
Moore,> DCE KDCs) and possibly save some round-trips. The U2U
Moore,> draft doesn't preclude in any way negotiating in advance
Moore,> whether U2U is required. But supports that you MAY learn
Moore,> that from the KDC or from the server.
I tried to ask this in SLC (or wherever the U2U mechanism was last
discussed) but apparently failed.
I'd like to see text in the U2U draft discussing negotiation and
saying that protocol designers contemplating the use of the U2U GSSAPI
mechanism should provide a negotiation layer, both to provide for
negotiation of future authentication mechanisms and to provide for
selection of U2U vs normal Kerberos in cases where both are allowed or
where the KDC does not communicate the info.
I don't have a problem with giving application designers an error code
to work with for legacy applications. I do want to make sure we
explain the issues to future protocol designers so that we don't get a
bunch of protocols that rely on the KDC returning some error code when
doing so will not work correctly even in cases where the KDC
implements the error.
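The selection problem raised above, as an added illustration that is not part of this message or of any Kerberos implementation: a constructed model of a client that infers "use U2U" purely from the KDC's answer, next to one that negotiates with the application server first. The only real identifier is KDC_ERR_MUST_USE_USER2USER (27, RFC 4120 section 7.5.9); the KDC, server and message shapes, the mechanism names, the "generic" error of a KDC that predates the U2U error, and the deployment scenarios are all assumptions made for the demonstration.

```python
"""Constructed model of choosing user-to-user (U2U) vs normal Kerberos.

Added illustration, not code from the krbdev thread or from any Kerberos
implementation.  KDC, server and client are stand-in objects; the only real
identifier is KDC_ERR_MUST_USE_USER2USER (27, RFC 4120 section 7.5.9).
Mechanism names, message shapes and the 'generic' error are assumptions.
"""
from dataclasses import dataclass, field

KDC_ERR_MUST_USE_USER2USER = 27  # RFC 4120 error code (real value)

KRB5 = "krb5"   # conventional ticket path (service has a long-term key)
U2U = "u2u"     # user-to-user: server supplies its TGT, no service key needed


@dataclass
class Kdc:
    keyed_services: set = field(default_factory=set)  # principals with a key
    implements_u2u_error: bool = True                 # older KDCs do not

    def tgs_req(self, service):
        """Model a TGS-REQ for 'service': ('ticket', name) or ('error', code)."""
        if service in self.keyed_services:
            return ("ticket", service)
        if self.implements_u2u_error:
            return ("error", KDC_ERR_MUST_USE_USER2USER)
        # Constructed stand-in for how a pre-U2U KDC fails: no useful hint.
        return ("error", "generic")


@dataclass
class Server:
    principal: str
    accepts: frozenset  # mechanisms this application server will accept

    def hello(self):
        """Negotiation layer (assumed): advertise acceptable mechanisms first."""
        return {"mechs": sorted(self.accepts)}

    def authenticate(self, mech):
        return mech in self.accepts


def select_by_kdc_error(kdc, server):
    """Legacy approach: infer U2U solely from the KDC's reply."""
    kind, payload = kdc.tgs_req(server.principal)
    if kind == "ticket":
        mech = KRB5
    elif payload == KDC_ERR_MUST_USE_USER2USER:
        mech = U2U
    else:
        return None, False          # no usable signal from the KDC
    return mech, server.authenticate(mech)


def select_by_negotiation(kdc, server, client_pref=(KRB5, U2U)):
    """Negotiated approach: ask the server, then use the KDC only where needed."""
    offered = set(server.hello()["mechs"])
    for mech in client_pref:
        if mech not in offered:
            continue
        if mech == KRB5:
            kind, _ = kdc.tgs_req(server.principal)
            if kind != "ticket":
                continue            # no service key: fall through to U2U if offered
        return mech, server.authenticate(mech)
    return None, False


def run_scenarios():
    """Three constructed deployments; returns {name: (legacy, negotiated)}."""
    results = {}
    # 1. Service has a key but the server only accepts U2U: the KDC happily
    #    issues a ticket, so the error-based client never learns to use U2U.
    kdc = Kdc(keyed_services={"host/app"})
    srv = Server("host/app", frozenset({U2U}))
    results["keyed_but_u2u_only"] = (select_by_kdc_error(kdc, srv),
                                     select_by_negotiation(kdc, srv))
    # 2. No service key and a KDC that predates the U2U error code.
    kdc = Kdc(keyed_services=set(), implements_u2u_error=False)
    srv = Server("host/app", frozenset({U2U}))
    results["old_kdc"] = (select_by_kdc_error(kdc, srv),
                          select_by_negotiation(kdc, srv))
    # 3. Both allowed; the client prefers the cheaper conventional path.
    kdc = Kdc(keyed_services={"host/app"})
    srv = Server("host/app", frozenset({KRB5, U2U}))
    results["both_allowed"] = (select_by_kdc_error(kdc, srv),
                               select_by_negotiation(kdc, srv))
    return results


if __name__ == "__main__":
    for name, (legacy, negotiated) in run_scenarios().items():
        print(f"{name:22s} kdc-error: {legacy}  negotiated: {negotiated}")
```

Scenario 1 is the case the message warns about: the KDC implements the error but has no reason to return it, so a client that waits for it picks the conventional path and is refused by the server. Scenario 2 is the case where the KDC does not communicate the information at all. Only the negotiating client succeeds in both, and it still takes the conventional path when both sides allow it.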