Frank Cusack frank+krb at linetwo.net
Wed Dec 29 16:03:04 EST 2010

Does MIT implement the OPT-HARDWARE-AUTH option?  (RFC 4120 2.9.3)

It doesn't seem so.  As it is just a boolean flag in the AS-REQ, is
there a way to set an arbitrary (unknown/no-keyword) option in the
client request?  Like how a dhcp client or server configuration can
just set arbitrary options that the client/server doesn't actually
understand the meaning of.  Obviously the KDC would have to know
what to do with it, but at least older clients wouldn't have to
be modified.

More information about the krbdev mailing list