GSS-krb5 and enctype lists, revisited

Nicolas Williams Nicolas.Williams at
Fri Apr 18 12:49:03 EDT 2003

On Fri, Apr 18, 2003 at 11:44:10AM -0500, Steven Michaud wrote:
> So, before _too_ long, the problem that Ken Raeburn's talking about
> should disappear.  This seems to strengthen the argument for an
> interim solution -- one that doesn't permanently (publicly) change the
> MIT Kerberos API.

Except that the application (libgssapi_krb5 in this case) still has no
business knowing, specifying or caring what enctypes are used for
whatever TGTs are needed in the process of getting the desired service
ticket - the application should only be able to constrain the enctypes
for the service ticket.

This means a fix can be made which modifies no APIs and introduces no
internal APIs.

What's wrong with Sam's suggestion then?  Nothing that I can see.



More information about the krbdev mailing list