Can we sort preauth data in an AS reply

Jeffrey Hutzelman jhutz at
Tue Oct 3 15:34:41 EDT 2006

On Tuesday, October 03, 2006 02:40:12 PM -0400 Sam Hartman 
<hartmans at> wrote:

> I'm applying the redhat patch and ran across the following:
>     /* process any preauth data in the as_reply */
>     krb5_clear_preauth_context_use_counts(context, preauth_context);
>     if ((ret = sort_krb5_padata_sequence(context, &request.server->realm,
> 					 local_as_reply->padata)))
> 	goto cleanup
> Under what circumstances is it reasonable for a client to process
> padata out of order?  I'd assume it is reasonable to process any
> padata in a preauth_needed error that has no associated data out of
> order, but what about other circumstances?

I see no reason why a client shouldn't be able to process padata in any 
order it wants

More information about the krbdev mailing list