Is this TGS-REP legal now?
Tom Yu
tlyu at MIT.EDU
Thu Mar 18 11:31:07 EDT 2010
Sam Hartman <hartmans at MIT.EDU> writes:
>>>>>> "Weijun" == Weijun Wang <Weijun.Wang at sun.com> writes:
>
> Weijun> How do I interpret "the only case" below? It sounds like KDC
> Weijun> should only return a referral if the request is for a TGT.
>
> That's correct: RFC 4120 only permits referrals for TGTs.
>
> Modern Kerberos uses the canonicalize flag to permit referrals in other
> situations.
The request was asking for a non-TGS service and getting a TGT in
reply, without having set the canonicalize flag, at least if I read it
correctly.
More information about the krbdev
mailing list