Implementing a multi-round trip preauthentication method
Sam Hartman
hartmans at MIT.EDU
Wed Oct 6 10:06:45 EDT 2010
>>>>> "Alejandro" == Alejandro Perez Mendez <alex at um.es> writes:
Alejandro> Hello Sam, thanks for your quick and complete
Alejandro> response. Actually, I don't want to use FAST.
Alejandro> As you mentioned, I saw that there exists a preauth
Alejandro> plugin interface with some preauth_plugins, so I could
Alejandro> take one of them and use it as a template to build
Alejandro> mine. I also saw that within this interface there is a
Alejandro> try_again() method defined that is called when an error
Alejandro> is received from the KDC. I could use that function to
Alejandro> send the next request when
Alejandro> KDC_ERR_MORE_PREAUTH_DATA_NEEDED is received from the
Alejandro> KDC. Am I right?
If you do this, your plugin will probably break when we add real support for
multi-round-trip mechanisms.
However, besides that, I think you'll probably be OK on the client.
That won't really help with the KDC.
What preauth interface are you implementing? I've already talked to a
group from your university about preauth for EAP.
More information about the krbdev mailing list