GSS-krb5 and enctype lists, revisited
Nicolas Williams
Nicolas.Williams at sun.com
Fri Apr 18 12:49:03 EDT 2003
On Fri, Apr 18, 2003 at 11:44:10AM -0500, Steven Michaud wrote:
> So, before _too_ long, the problem that Ken Raeburn's talking about
> should disappear. This seems to strengthen the argument for an
> interim solution -- one that doesn't permanently (publicly) change the
> MIT Kerberos API.
Except that the application (libgssapi_krb5 in this case) still has no
business knowing, specifying or caring what enctypes are used for
whatever TGTs are needed in the process of getting the desired service
ticket - the application should only be able to constrain the enctypes
for the service ticket.
This means a fix can be made which modifies no APIs and introduces no
internal APIs.
What's wrong with Sam's suggestion then? Nothing that I can see.
Cheers,
Nico
--
More information about the krbdev
mailing list