Kerberos 1.7 and later does not interoperate with AD Read-only DCs

Nico Williams nico at cryptonector.com
Wed Feb 29 18:37:58 EST 2012

Previous message: Kerberos 1.7 and later does not interoperate with AD Read-only DCs
Next message: [RFC] kdb: store mkey list in context and permit NULL mkey for kdb_dbe_decrypt_key_data
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

How does this come up?  Via forwarded TGTs with these weird kvnos in
their enc-part's EncryptedData?

Also, we're not changing the definition for kvno anywhere else, correct?

Finally: do we have to make sure that kvnos for MIT principals never
get larger than 2^31 - 1?

Nico
--

Previous message: Kerberos 1.7 and later does not interoperate with AD Read-only DCs
Next message: [RFC] kdb: store mkey list in context and permit NULL mkey for kdb_dbe_decrypt_key_data
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the krbdev mailing list