Proposal for NIM 2.0 Multiple Identity Provider User Experience andPK-INIT
Jeffrey Altman
jaltman at secure-endpoints.com
Tue Aug 7 22:34:38 EDT 2007
Sam Hartman wrote:
> Jeff, I'm summarizing something we discussed on the phone for the
> list.
>
> MIT believes that it is important to contact the KDC and find out what
> preauth types are available. NIM must respond in a manner that is
> consistent with these preauth types. I.E. if it is obtaining
> credentials for a given kerberos identity and pkinit is not offered by
> the KDC pkinit will not be used.
>
> This will produce non-intuitive behavior in the case where NIM expects
> to get credentials as a result of a certificate and pkinit is not
> offered, but I think all other cases work out reasonably well.
Agreed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20070807/3054f63e/attachment.bin
More information about the krbdev
mailing list