RX Kerberos 5 security class requirements of Kerberos library
Nicolas.Williams at sun.com
Tue Jan 2 12:38:27 EST 2007
On Tue, Jan 02, 2007 at 11:41:42AM -0500, Sam Hartman wrote:
> Jeffrey> Before I submit a patch, is the concept of
> Jeffrey> krb5_generate_creds_with_keytab something that MIT and
> Jeffrey> Heimdal would accept? If so, a patch can be ready in a
> Jeffrey> few hours.
> I'm very uncomfortable with this. IT takes the KDC out of the loop
> for generating service tickets. I'm not sure how it will interact
> with future plans for use of authorization data, ticket extensions,
I'm uncomfortable with this as well. Primarily I wonder why rxk5 would
need this for. I do think that it would be nice to have a general
Ticket constructor API, but I'd rather it be used with much care.
More information about the krbdev