preauth (I'm a Roomba in a 2'x2' room)

Jeff Blaine jblaine at
Wed Apr 28 17:54:12 EDT 2010

I found this today in draft-ietf-krb-wg-preauth-framework-16

 > 3.2.  Initial Pre-authentication Required Error
 > ...
 >    The KDC needs to choose which mechanisms to offer the client.  The
 >    client needs to be able to choose what mechanisms to use from the
 >    first message.  For example consider the KDC that will accept
 >    mechanism A followed by mechanism B or alternatively the single
 >    mechanism C. A client that supports A and C needs to know that it
 >    should not bother trying A.
 >    Mechanisms can either be sufficient on their own or can be part
 >    of an authentication set--a group of mechanisms that all need to
 >    successfully complete in order to authenticate a client.
 > ...

So clearly this has been thought of.  Do we just say that
MIT Kerberos does not support this draft yet?  Or do we just
say that the statements above are purely hypothetical and
not part of the real draft's intended scope?

More information about the krbdev mailing list