support for KDC referrals in the MIT KRB5 code

JC Ferguson jc at acopia.com
Wed Nov 29 16:32:43 EST 2006


Sam - how far off is the I-D from the Windows 2000 behavior? 

thank you,
jc


> -----Original Message-----
> From: Sam Hartman [mailto:hartmans at mit.edu] 
> Sent: Wednesday, November 29, 2006 14:05
> To: JC Ferguson
> Cc: krbdev at MIT.EDU
> Subject: Re: support for KDC referrals in the MIT KRB5 code
> 
> 
> >>>>> "JC" == JC Ferguson <jc at acopia.com> writes:
> 
>     JC> Hi, what version of the MIT KRB5 library code has support for
>     JC> the KDC referrals internet draft, i.e.,
>     JC> 
>     JC> http://ietf.org/internet-drafts/draft-ietf-krb-wg-kerberos-referrals-08.txt
>     JC> ?  If it isn't supported yet, is it on a roadmap for
>     JC> future consideration?


> Hi.  MIT Kerberos 1.6 contains the client side of realm referrals.  It
> can handle receiving a krbtgt principal from a KDC instead of a service
> principal.
>
> The code does not support a referral from one service principal to
> another within a realm.  Also, there is no KDC-side support for this
> code yet.
>
> The 1.6 release is now in alpha test.
>
> We would be delighted to work with any party that wanted to contribute
> more referrals support.  We are much more interested in supporting the
> internet draft than the Windows 2000 behavior.




