Making use of authdata with a custom plugin
jhutz at cmu.edu
Tue Feb 2 23:36:46 EST 2010

--On Tuesday, February 02, 2010 02:10:30 PM -0500 Jeff Blaine
<jblaine at kickflop.net> wrote:
> We're in the discovery phase of implementing some research
> stuff that will make use of authdata

Please bear in mind that Kerberos is not only software, but also a
standardized protocol with many implementations which must interoperate.
The numbers which identify AD types are part of that protocol, and are a
managed namespace. In specifying the current Kerberos protocol (RFC4120),
the IETF's Kerberos Working Group explicitly chose not to allocate
private-use numbers in this space, due to the potentially serious security
implications if authorization data with such a type were to become visible
to some server which assigned a different meaning to the type.

I encourage you to contact the Kerberos WG to obtain AD type numbers,
rather than picking whatever appear to be the next available numbers in
whatever source you're looking at.
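
Added example, not part of the original message and not code from any Kerberos implementation: a minimal Python model of how application servers process authorization-data elements, showing two servers reading the same self-picked type number differently. The type number 9999, the three server tables and the element contents are constructed; AD-IF-RELEVANT = 1 and the rule that an unknown type fails authentication unless wrapped in AD-IF-RELEVANT are from RFC 4120.

```python
# Added illustration; not code from any Kerberos implementation.
AD_IF_RELEVANT = 1        # RFC 4120 container: unknown contents may be ignored
UNREGISTERED_TYPE = 9999  # constructed placeholder for a self-picked number


def evaluate(elements, handlers, optional=False):
    """Process (ad_type, ad_data) pairs as an application server would.

    Returns (accepted, facts). Per RFC 4120, an element of unknown type
    fails authentication unless it is wrapped in AD-IF-RELEVANT.
    """
    facts = []
    for ad_type, ad_data in elements:
        if ad_type == AD_IF_RELEVANT:
            # ad_data is a nested list; unknown types inside are skipped.
            facts += evaluate(ad_data, handlers, optional=True)[1]
        elif ad_type in handlers:
            facts.append(handlers[ad_type](ad_data))
        elif not optional:
            return False, []  # unknown critical element: reject the ticket
    return True, facts


# Hypothetical servers: two assign different meanings to the same number,
# the third has never heard of it.
research_server = {UNREGISTERED_TYPE: lambda d: ("experiment-tag", d)}
other_server = {UNREGISTERED_TYPE: lambda d: ("granted-role", d)}
stock_server = {}


def demo():
    """Present the same constructed authdata to each server."""
    bare = [(UNREGISTERED_TYPE, b"admin")]
    wrapped = [(AD_IF_RELEVANT, bare)]
    return {
        "research": evaluate(bare, research_server),
        "other": evaluate(bare, other_server),
        "stock_bare": evaluate(bare, stock_server),
        "stock_wrapped": evaluate(wrapped, stock_server),
        "other_wrapped": evaluate(wrapped, other_server),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The same bytes are accepted by both servers that know the number but mean different things to each, and wrapping the element in AD-IF-RELEVANT only protects servers that do not recognise the type.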