X-CACHECONF in cache type 0504
Tim Alsop
Tim at cybersafe.com
Thu Nov 18 14:00:08 EST 2010
Greg,
Is it possible that the MIT klist is not showing the extra entry ? We are
not using MIT klist, which might be why we see it ?
Just a thought.
Thanks,
Tim
On 18/11/2010 18:56, "Greg Hudson" <ghudson at mit.edu> wrote:
>On Thu, 2010-11-18 at 13:27 -0500, Tim Alsop wrote:
>> How do you explain this extra cache entry if Active Directory is being
>> used, which is not supporting FAST ?
>
>We write that config entry if the encrypted padata response from the KDC
>contains a padata element of type 136 (PA-FX-FAST).
>
>When I kinit against an old MIT KDC, or against the AD 2003 KDC we have
>here, the code does not see such a padata element and does not write the
>config entry. Without further investigation on your end, I cannot
>explain why you are seeing the config entry in your tests.
>
>
More information about the krbdev
mailing list