Question about draft-ietf-krb-wg-kerberos-referrals
Tim Alsop
Tim.Alsop at CyberSafe.Com
Thu Jan 3 08:00:14 EST 2008
Oops...
The URL in my email (see below) was wrong. It should have been
http://tools.ietf.org/html/draft-ietf-krb-wg-kerberos-referrals-04
Thanks,
Tim
-----Original Message-----
From: krbdev-bounces at mit.edu [mailto:krbdev-bounces at mit.edu] On Behalf
Of Tim Alsop
Sent: 03 January 2008 12:48
To: krbdev at mit.edu
Subject: Question about draft-ietf-krb-wg-kerberos-referrals
I wondered if somebody could give me some advice on the referrals draft
?
In http://archives.postgresql.org/pgsql-interfaces/2002-09/msg00046.php
in section 5 (client referrals) it mentions checking if the canonical
flag is set - see below:
If the account is not present in the realm specified in the request
and the "canonicalize" KDC option is set, the KDC will try to lookup
the entire name, alice at MS.COM, using a name service. If this lookup
is unsuccessful, it MUST return the error KDC_ERR_C_PRINCIPAL_UNKNOWN
[3].
I assume this check is to determine if the Kerberos client is Microsoft
Windows ? If so, I am aware of at least 2 Kerberos clients running on
UNIX or Linux which are able to send the canonical flag in a request, so
surely using this flag to determine if the client is Microsoft is not a
good idea ?
I look forward to any feedback on this ?
Thanks,
Tim
_______________________________________________
krbdev mailing list krbdev at mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
More information about the krbdev
mailing list