Proper way to do logging (KDC) from preauth plugin?

Sam Hartman hartmans at MIT.EDU
Mon May 10 05:16:58 EDT 2010

>>>>> "Sam" == Sam Hartman <hartmans at MIT.EDU> writes:

    Sam> It does.  What a bad idea; I wish I had realized that when I
    Sam> originally reviewed that code.  (The general idea seems sound,
    Sam> but it's sort of at the wrong level.)  I'm sorry I didn't
    Sam> remember.  _______________________________________________

Actually, does PA_REQUIRED actually require that the client include that
particular pa type or simply require that if present it must succeed?
If the semantics are:
1) advertize in list
2) If client includes pa type then it must succeed
3) If PREAUTH_REQUIRED set then the client must include some PA_REQUIRED

that seems fine.

More information about the krbdev mailing list