Kerberos dev project for review: domain_realm mapping via KDCreferral
Ken Raeburn
raeburn at MIT.EDU
Tue Apr 29 22:22:23 EDT 2008
On Apr 29, 2008, at 17:25, Tim Alsop wrote:
> Ok, thanks for explaining. I am now clear that this is an
> implementation
> of the draft. If this is the case, why didn't the design on the wiki
> say
> this so it is clear which draft version this is based on ?
Because I've spent enough time myself dealing with the referrals draft
that I thought it would be obvious to the whole world. :) I'll put in
a pointer to the draft.
I'm not sure there's a good answer to "which version". Problem is, we
do want the implementation (on both sides) to work with the final
RFC. That's part of why it's limited to the TGS exchange -- the fix
for the security issue in the AS exchange is to include additional
data in the AS-REP, and while the TGS referral case is probably
stable, the new data type for the AS case may change before the final
version. Probably I can just note the current version and we'll leave
it be at that...
Ken
More information about the krbdev
mailing list