pam_krb5 with PKINIT from Heimdal and MIT

Jeffrey Hutzelman jhutz at
Fri Oct 13 16:26:09 EDT 2006

On Friday, October 13, 2006 04:02:01 PM -0400 Sam Hartman 
<hartmans at> wrote:

> FTR, I am entirely unconvinced that padata should be unordered.  I
> think this is a fairly bad idea.
> I think it in acceptable for a client to reorder padata with no
> associated data in a preauth_required error.
> I'm open to arguments about why unordered preauth is good, but I'm
> concerned that it will limit flexibility for extending Kerberos.

I think this is a topic you should take to the working group.

-- Jeff

More information about the krbdev mailing list