Can we sort preauth data in an AS reply
Jeffrey Hutzelman
jhutz at cmu.edu
Tue Oct 3 15:34:41 EDT 2006
On Tuesday, October 03, 2006 02:40:12 PM -0400 Sam Hartman
<hartmans at mit.edu> wrote:
>
>
> I'm applying the redhat patch and ran across the following:
>
>
> /* process any preauth data in the as_reply */
> krb5_clear_preauth_context_use_counts(context, preauth_context);
> if ((ret = sort_krb5_padata_sequence(context, &request.server->realm,
> local_as_reply->padata)))
> goto cleanup
>
> Under what circumstances is it reasonable for a client to process
> padata out of order? I'd assume it is reasonable to process any
> padata in a preauth_needed error that has no associated data out of
> order, but what about other circumstances?
I see no reason why a client shouldn't be able to process padata in any
order it wants
More information about the krbdev
mailing list