X-CACHECONF in cache type 0504
Tim at cybersafe.com
Thu Nov 18 13:58:45 EST 2010
We are using MS AD 2003 with latest fixes applied. Maybe MS have added
FAST support ???
Maybe we will run wireshark trace to see what is happening.
On 18/11/2010 18:56, "Greg Hudson" <ghudson at mit.edu> wrote:
>On Thu, 2010-11-18 at 13:27 -0500, Tim Alsop wrote:
>> How do you explain this extra cache entry if Active Directory is being
>> used, which is not supporting FAST ?
>We write that config entry if the encrypted padata response from the KDC
>contains a padata element of type 136 (PA-FX-FAST).
>When I kinit against an old MIT KDC, or against the AD 2003 KDC we have
>here, the code does not see such a padata element and does not write the
>config entry. Without further investigation on your end, I cannot
>explain why you are seeing the config entry in your tests.
More information about the krbdev