disallow requests naming principal as a service

Sam Hartman hartmans at MIT.EDU
Tue Mar 26 19:52:00 EST 2002

>>>>> "Moore," == Moore, Patrick <pcmoore at sandia.gov> writes:

    Moore,> It's not required by our globus application, nor by U2U
    Moore,> draft.  We use it if we get it, (and we get it today from
    Moore,> DCE KDCs) and possibly save some round-trips. The U2U
    Moore,> draft doesn't preclude in any way negotiating in advance
    Moore,> whether U2U is required.  But supports that you MAY learn
    Moore,> that from the KDC or from the server.

I tried to ask this in SLC (or wherever the U2U mechanism was last
discussed) but apparently failed.

I'd like to see text in the U2u draft discussing negotiation and
saying that protocol designers contemplating the use of the U2U GSSAPI
mechanism should provide a negotiation layer both to provide for
negotiation of future authentication mechanisms and to provide for
selection  of U2U vs normal Kerberos  in cases where both are allowed or where the KDC does not communicate the info.

I don't have a problem with giving application designers an error code
to work with for legacy applications.  I do want to make sure we
explain the issues to future protocol designers so that we don't get a
bunch of protocols that rely on the KDC returning some error code when
doing so will not work correctly even in cases where the KDC
implements the error.

More information about the krbdev mailing list