pam_krb5 with PKINIT from Heimdal and MIT
Jeffrey Hutzelman
jhutz at cmu.edu
Fri Oct 13 16:26:09 EDT 2006
On Friday, October 13, 2006 04:02:01 PM -0400 Sam Hartman
<hartmans at mit.edu> wrote:
> FTR, I am entirely unconvinced that padata should be unordered. I
> think this is a fairly bad idea.
> I think it in acceptable for a client to reorder padata with no
> associated data in a preauth_required error.
>
>
> I'm open to arguments about why unordered preauth is good, but I'm
> concerned that it will limit flexibility for extending Kerberos.
I think this is a topic you should take to the working group.
-- Jeff
More information about the krbdev
mailing list