HW-AUTHENT flag question
William.Fiveash at sun.com
Tue Feb 9 20:05:32 EST 2010
Someone sent me this question:
Microsoft makes a confusing statement in "[MSKILE]"
The HW-AUTHENT flag
([RFC4120]<http://go.microsoft.com/fwlink/?LinkId=90458> section 2.1):
This flag was originally intended to indicate that hardware-supported
authentication was used during pre-authentication. This flag is no
longer recommended in the Kerberos V5 protocol. KDCs MUST NOT issue a
ticket with this flag set. KDCs SHOULD NOT preserve this flag if it is
set by another KDC.
Who said that it "is no longer recommended"? I did not hear anything
like this elsewhere and IMHO this the exact opposite of what makes
What is the current take on HW-AUTHENT flag?
Sun Microsystems Inc.
Sent from mutt, a sweet ASCII MUA
More information about the krbdev