Delegated creds and SPNEGO

Love Hörnquist Åstrand lha at
Wed Aug 26 13:45:17 EDT 2009

26 aug 2009 kl. 10:09 skrev Luke Howard:

> So, I'm wondering: was this fixed correctly? Is the expectation that,
> when using pseudo-mechanisms

pseudo mechs are mostly broken. basically every time you add a new  
pseudo or combined mech you are running into this problems what you  

for example acquiring NTLM initator credentials to use with SPNEGO is,  
well complicated and have performance problem since it will probably  
get kerberos initator credentials at the same time.

I don't even think its possible to tell ISC what you want it to do.

Does this discussion belong on KITTEN ?

Special casing SPNEGO is bad since that cuts out all other pseudo  
combined mechs (like compression).


More information about the krbdev mailing list