X-CACHECONF in cache type 0504

Tim Alsop Tim at cybersafe.com
Thu Nov 18 14:00:08 EST 2010


Is it possible that the MIT klist is not showing the extra entry ? We are
not using MIT klist, which might be why we see it ?
Just a thought.


On 18/11/2010 18:56, "Greg Hudson" <ghudson at mit.edu> wrote:

>On Thu, 2010-11-18 at 13:27 -0500, Tim Alsop wrote:
>> How do you explain this extra cache entry if Active Directory is being
>> used, which is not supporting FAST ?
>We write that config entry if the encrypted padata response from the KDC
>contains a padata element of type 136 (PA-FX-FAST).
>When I kinit against an old MIT KDC, or against the AD 2003 KDC we have
>here, the code does not see such a padata element and does not write the
>config entry.  Without further investigation on your end, I cannot
>explain why you are seeing the config entry in your tests.

More information about the krbdev mailing list