Using KDC's master key to encrypt data

[Greg Hudson]

On 08/09/2012 04:27 AM, Alejandro Perez Mendez wrote:
> as part of the GSS-preauth plugin 
> (http://k5wiki.kerberos.org/wiki/Projects/GSS-API_preauth), I would like 
> to encrypt & sign the contents of PA-FX-COOKIE

kdcpreauth plugins should not be directly manipulating the cookie; I'm
not even sure if it's possible for them to do so at the moment.  The
current framework will need to be extended to support cookies.  I wrote
a rough design outline for this at:

http://mailman.mit.edu/pipermail/krbdev/2011-June/010141.html