Proper way to do logging (KDC) from preauth plugin?
hartmans at MIT.EDU
Mon May 10 05:16:58 EDT 2010
>>>>> "Sam" == Sam Hartman <hartmans at MIT.EDU> writes:
Sam> It does. What a bad idea; I wish I had realized that when I
Sam> originally reviewed that code. (The general idea seems sound,
Sam> but it's sort of at the wrong level.) I'm sorry I didn't
Sam> remember.
Actually, does PA_REQUIRED actually require that the client include that
particular pa type or simply require that if present it must succeed?
If the semantics are:
1) advertise in list
2) If client includes pa type then it must succeed
3) If PREAUTH_REQUIRED set then the client must include some PA_REQUIRED
or PA_SUFFICIENT type
that seems fine.