pam_krb5 with PKINIT from Heimdal and MIT
Nicolas.Williams at sun.com
Thu Oct 12 17:13:06 EDT 2006

On Thu, Oct 12, 2006 at 04:12:42PM -0400, Nalin Dahyabhai wrote:
> The libkrb5 side of things goes through the list of preauth types
> suggested by the KDC, and the first preauth type for which it's able to
> obtain data is deemed good enough to fire off a request to the KDC.

In what order are the pre-auths attempted?

If we agree that PADATA should be considered to be unordered then a
client-side pre-auth preference/precedence order seems necessary.