Delegated creds and SPNEGO
Love Hörnquist Åstrand
lha at kth.se
Wed Aug 26 13:45:17 EDT 2009
26 aug 2009 kl. 10:09 skrev Luke Howard:
> So, I'm wondering: was this fixed correctly? Is the expectation that,
> when using pseudo-mechanisms
pseudo mechs are mostly broken. basically every time you add a new
pseudo or combined mech you are running into this problems what you
described
for example acquiring NTLM initator credentials to use with SPNEGO is,
well complicated and have performance problem since it will probably
get kerberos initator credentials at the same time.
I don't even think its possible to tell ISC what you want it to do.
Does this discussion belong on KITTEN ?
Special casing SPNEGO is bad since that cuts out all other pseudo
combined mechs (like compression).
Love
More information about the krbdev
mailing list