Question about draft-ietf-krb-wg-kerberos-referrals
Tim Alsop
Tim.Alsop at CyberSafe.Com
Thu Jan 3 07:47:45 EST 2008
I wondered if somebody could give me some advice on the referrals draft
?
In http://archives.postgresql.org/pgsql-interfaces/2002-09/msg00046.php
in section 5 (client referrals) it mentions checking if the canonical
flag is set - see below:
If the account is not present in the realm specified in the request
and the "canonicalize" KDC option is set, the KDC will try to lookup
the entire name, alice at MS.COM, using a name service. If this lookup
is unsuccessful, it MUST return the error KDC_ERR_C_PRINCIPAL_UNKNOWN
[3].
I assume this check is to determine if the Kerberos client is Microsoft
Windows ? If so, I am aware of at least 2 Kerberos clients running on
UNIX or Linux which are able to send the canonical flag in a request, so
surely using this flag to determine if the client is Microsoft is not a
good idea ?
I look forward to any feedback on this ?
Thanks,
Tim
More information about the krbdev
mailing list