HW-AUTHENT flag question
Will Fiveash
William.Fiveash at sun.com
Tue Feb 9 20:05:32 EST 2010
Someone sent me this question:
==================================================================
Microsoft makes a confusing statement in "[MSKILE]"
http://msdn.microsoft.com/en-us/library/cc233891%28PROT.13%29.aspx
or
http://download.microsoft.com/download/a/e/6/ae6e4142-aa58-45c6-8dcf-a657e5900cd3/%5BMS-KILE%5D.pdf :
The HW-AUTHENT flag
([RFC4120]<http://go.microsoft.com/fwlink/?LinkId=90458> section 2.1):
This flag was originally intended to indicate that hardware-supported
authentication was used during pre-authentication. This flag is no
longer recommended in the Kerberos V5 protocol. KDCs MUST NOT issue a
ticket with this flag set. KDCs SHOULD NOT preserve this flag if it is
set by another KDC.
Who said that it "is no longer recommended"? I did not hear anything
like this elsewhere and IMHO this the exact opposite of what makes
sense.
==================================================================
What is the current take on HW-AUTHENT flag?
--
Will Fiveash
Sun Microsystems Inc.
http://opensolaris.org/os/project/kerberos/
Sent from mutt, a sweet ASCII MUA
More information about the krbdev
mailing list