PA Data and KLApi's

Sam Hartman hartmans at MIT.EDU
Wed Jan 21 07:29:07 EST 2004

>>>>> "Brian" == Brian  <brianboy at> writes:

    Brian> I am doing pre-authentication with Kerberos. I have turned
    Brian> preauthentication on the server for several accounts, On
    Brian> the client side I notice there are two calls made to
    Brian> Kerberos , The first call AS_REQ for a TGT and the KDC
    Brian> replies with PA required and then then AS_REQ again with
    Brian> PA_DATA

    Brian> Is there a way to send PA data in the request the first
    Brian> time itself

Possibly.  As you point out the API calls do have parameters for this;
you can pass in a set of padata types to use.

But we recommend against doing this because it is fairly untested and
because it will become less useful in the future as more padata types
are added.  If you do try using these API calls and they don't work,
please open bugs.

More information about the krbdev mailing list