Kerberos dev project for review: domain_realm mapping via KDC referral
Ken Raeburn
raeburn at MIT.EDU
Tue Apr 29 16:04:13 EDT 2008
On Apr 29, 2008, at 15:45, Tim Alsop wrote:
> I am wondering why this feature is not being described in an IETF
> draft, so that other non-MIT clients can be interoperable with MIT
> KDC and other KDCs can have this feature added to be interoperable
> with MIT clients?
This is an implementation of a limited form of the KDC-side support
for the referrals draft. Limited, in that its only source of data is
the domain_realm mapping so it can't differentiate by individual
principal names or service names, it'll only work in TGS exchanges, it
doesn't support referrals that tell the client to look up a different
server name, etc. But it should handle some of the most common cases,
and works to simplify client-side configuration (in the MIT
implementation).
Ken
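
A simplified model of the behaviour described in the message above, added here as an illustration; it is not code from the MIT krb5 source or from the author. The table contents and the names dr_get, realm_for_host and tgs_referral are hypothetical, and the lookup order (exact host entry first, then ".domain" entries from most to least specific) is the documented domain_realm convention.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data standing in for a [domain_realm] section. */
struct dr_entry { const char *key, *realm; };
static const struct dr_entry domain_realm[] = {
    { ".example.com",         "EXAMPLE.COM" },
    { ".eng.example.com",     "ENG.EXAMPLE.COM" },
    { "mail.eng.example.com", "EXAMPLE.COM" },   /* exact-host override */
};

static const char *dr_get(const char *key)
{
    for (size_t i = 0; i < sizeof domain_realm / sizeof domain_realm[0]; i++)
        if (strcmp(domain_realm[i].key, key) == 0)
            return domain_realm[i].realm;
    return NULL;
}

/* Try the full host name, then ".parent" domains, most specific first.
 * Assumes the host name is already lower case. */
const char *realm_for_host(const char *host)
{
    for (const char *cp = host; cp != NULL; cp = strchr(cp, '.')) {
        const char *realm = dr_get(cp);
        if (realm != NULL)
            return realm;
        if (*cp == '.')
            cp++;
    }
    return NULL;
}

/* Hypothetical TGS-side decision: write the cross-realm TGT name to hand back
 * as a referral and return 1, or return 0 to answer from the local realm.
 * Only the host component is consulted; the service name is ignored. */
int tgs_referral(const char *service, const char *local_realm,
                 char *tgt, size_t tgt_len)
{
    const char *slash = strchr(service, '/');
    if (slash == NULL || slash[1] == '\0' || strchr(slash + 1, '/') != NULL)
        return 0;                  /* not a two-component service/host name */
    const char *realm = realm_for_host(slash + 1);
    if (realm == NULL || strcmp(realm, local_realm) == 0)
        return 0;                  /* unmapped, or already in our realm */
    snprintf(tgt, tgt_len, "krbtgt/%s@%s", realm, local_realm);
    return 1;
}
```
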
More information about the krbdev mailing list