[Nicolas Williams <Nicolas.Williams@sun.com>] client-side pre-auth re-architecting

Nicolas Williams Nicolas.Williams at sun.com
Wed Jan 1 02:30:00 EST 2003

On Tue, Dec 31, 2002 at 05:15:18PM -0800, Nicolas Williams wrote:
> On Tue, Dec 31, 2002 at 04:30:26PM -0500, Ken Hornstein wrote:
> > >I thought we were going to propose preauth type name using constant
> > >from RFC, string data name within the preauth rather than a single
> > >string.
> > 
> > I think I'm missing some context here, or I'm confused.  Exactly what
> > do you mean?  (I'm clueless)
> Sam is referring to the generic pre-auth gic option API mentioned
> earlier in this thread.
> Sam,
> Thank you, you're right and I'd forgotten about that - I hadn't made a
> note of it.

Actually, I now think we shouldn't use the pre-auth numbers from the
protocol in this API.  If you'll remember we also talked about
Kerberos extensions, and I proposed making the pre-auth identifiers into
an extensible CHOICE of INTEGER, with an eye to adding OBJECT IDENTIFIER
and RELATIVE-OID options in the future - I'd like that to remain

Happy New Year's,


More information about the krbdev mailing list