issue with MIT KDC and LDAP DS

Jeffrey Hutzelman jhutz at
Fri May 22 20:31:55 EDT 2009

--On Friday, May 22, 2009 08:12:38 PM -0400 Ken Raeburn <raeburn at MIT.EDU> 

> It is a backwards-incompatible protocol change (if you consider "stop
> sending queries after any response" to be part of the original protocol),
> but it's already deployed, some time ago.

I don't, particularly, but the original protocol didn't provide any way to 
signal to a client that it should try another KDC, and dropping the request 
on the floor works.

-- Jeff

More information about the krbdev mailing list