preauth mechanism functioning at the client-side

Gopal Paliwal gopalpaliwal at
Mon Aug 13 13:22:40 EDT 2007


I am implementing a OTP support mechanism in existing kerberos 1.6.1.
Till now, i have done the server changes and the AS_REP contains one more
required timestamp as OTP one. I wish to know, will the existing client be
able to send 2 preauth sequences (one is pa_enc_timestamp) and the other one
is my declared preauth-using OTP.
Or the client just sends any-one of the asked preauth type.

I see that the server would able to support more than one preauth-type sent
by the client by making it verify each preauth type in a loop but i am not
sure about how the client behaves in sending multi-preauth types.

I debugged the client code and I could make out that the client gets my
created preauth mechanism as hint but still it selects enc_time-stamp as a
default one to reply back. The number I chose for my preauth type is 32.

-Gopal Paliwal

More information about the krbdev mailing list