How to use FAST in TGS requests
Sam Hartman
hartmans at MIT.EDU
Wed May 27 12:41:26 EDT 2009
>>>>> "Greg" == Greg Hudson <ghudson at MIT.EDU> writes:
Greg> On Wed, 2009-05-27 at 14:32 +0530, Srinivas Cheruku wrote:
>> How can I use client code to get service ticket using FAST?
Greg> My understanding is that we have not implemented FAST for
Greg> TGS-REQs yet. (We did implement using a subkey for TGS-REQs
Greg> as an intermediate step, which uncovered four different
Greg> interoperability problems in three different Kerberos
Greg> implementations.)
I have an implementation of FAST TGS requests that was used during
interop testing. I believe that the KDC on the trunk supports FAST
TGS correctly; it works against my implementation and against another
vendor's implementation.
I have not checked in the FAST TGS client side changes for two
reasons. First, as currently written, it breaks interop with non-FAST
KDCs. Secondly, there was some discussion of when we want to try FAST
with the TGS. I think it would be fine to experiment with that for
the 1.8 release, but I felt that it was very late in the 1.7 process
to make that decision.
My implementation is not currently public.
--Sam
More information about the krbdev
mailing list