[32826] in Kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Different behaviour of mod_auth_kerb depending on kerberos stack

daemon@ATHENA.MIT.EDU (Simo Sorce)
Wed Oct 20 08:30:40 2010

Date: Wed, 20 Oct 2010 08:30:34 -0400
From: Simo Sorce <ssorce@redhat.com>
To: kerberos@mit.edu
Message-ID: <20101020083034.728a0640@willson.li.ssimo.org>
In-Reply-To: <87k4ld3h71.fsf@windlord.stanford.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

On Tue, 19 Oct 2010 16:18:10 -0700
Russ Allbery <rra@stanford.edu> wrote:

> Heimdal is doing that check, but it's apparently smart enough to ask
> your KDC and resolve the alias first, so it finds the right principal.

Or maybe it just tries all the keys regardless of their principal name,
and if one succedes in decrypting the payload it just uses it.
It is probably much faster this way.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[32826] in Kerberos

Re: Different behaviour of mod_auth_kerb depending on kerberos stack

daemon@ATHENA.MIT.EDU (Simo Sorce)Wed Oct 20 08:30:40 2010

daemon@ATHENA.MIT.EDU (Simo Sorce)
Wed Oct 20 08:30:40 2010