Proposal to export gssapi context
Nicolas Williams
Nicolas.Williams at sun.com
Wed Mar 10 10:48:38 EST 2004
On Wed, Mar 10, 2004 at 09:52:21AM -0500, Kevin Coffman wrote:
Nico> Yes, I got this.
Nico>
Nico> Of course, on such clients one can limit the set of enctypes one will
Nico> accept for ticket session keys. Basically, one must have consistent
Nico> enctype support throughout accross all applications that share a given
Nico> Kerberos V credential. This applies to initiators, and it applies to
Nico> acceptors. It's a simple rule.
Kevin> We have an additional constraint of which enctypes are supported by
Kevin> the kernel.
Precisely. The kernel counts as an "application" for the purposes of
the above.
Nico
--
More information about the krbdev
mailing list