RX Kerberos 5 security class requirements of Kerberos library

Nicolas Williams Nicolas.Williams at sun.com
Tue Jan 2 12:38:27 EST 2007

On Tue, Jan 02, 2007 at 11:41:42AM -0500, Sam Hartman wrote:
>     Jeffrey> Before I submit a patch, is the concept of
>     Jeffrey> krb5_generate_creds_with_keytab something that MIT and
>     Jeffrey> Heimdal would accept?  If so, a patch can be ready in a
>     Jeffrey> few hours.
> I'm very uncomfortable with this.  IT takes the KDC out of the loop
> for generating service tickets.  I'm not sure how it will interact
> with future plans for use of authorization data, ticket extensions,
> etc.

I'm uncomfortable with this as well.  Primarily I wonder why rxk5 would
need this for.  I do think that it would be nice to have a general
Ticket constructor API, but I'd rather it be used with much care.


More information about the krbdev mailing list