Automatic FAST via Anonymous PKINIT
Greg Hudson
ghudson at MIT.EDU
Mon Jun 2 15:59:37 EDT 2014
On 06/02/2014 03:26 PM, Nathaniel McCallum wrote:
> Even if we use FAST to encrypt all traffic, the temporary anonymous
> ticket will only be used for ASReq requests.
TGS requests do not need separate ticket armor to use FAST. We have
been automatically making FAST TGS requests since 1.11, although we
don't currently do anything to enforce a FAST TGS response. (And we
can't without additional protocol support, since Heimdal's KDC added
FAST negotiation without supporting FAST TGS.)
More information about the krbdev
mailing list