Using KDC's master key to encrypt data

Greg Hudson ghudson at MIT.EDU
Thu Aug 9 05:23:38 EDT 2012

On 08/09/2012 04:27 AM, Alejandro Perez Mendez wrote:
> as part of the GSS-preauth plugin 
> (, I would like 
> to encrypt & sign the contents of PA-FX-COOKIE

kdcpreauth plugins should not be directly manipulating the cookie; I'm
not even sure if it's possible for them to do so at the moment.  The
current framework will need to be extended to support cookies.  I wrote
a rough design outline for this at:

More information about the krbdev mailing list