Kerberos dev project for review: domain_realm mapping via KDCreferral

Ken Raeburn raeburn at MIT.EDU
Tue Apr 29 22:22:23 EDT 2008

On Apr 29, 2008, at 17:25, Tim Alsop wrote:
> Ok, thanks for explaining. I am now clear that this is an  
> implementation
> of the draft. If this is the case, why didn't the design on the wiki  
> say
> this so it is clear which draft version this is based on ?

Because I've spent enough time myself dealing with the referrals draft  
that I thought it would be obvious to the whole world. :)  I'll put in  
a pointer to the draft.

I'm not sure there's a good answer to "which version".  Problem is, we  
do want the implementation (on both sides) to work with the final  
RFC.  That's part of why it's limited to the TGS exchange -- the fix  
for the security issue in the AS exchange is to include additional  
data in the AS-REP, and while the TGS referral case is probably  
stable, the new data type for the AS case may change before the final  
version.  Probably I can just note the current version and we'll leave  
it be at that...


More information about the krbdev mailing list