[32828] in Kerberos
Re: Different behaviour of mod_auth_kerb depending on kerberos stack
daemon@ATHENA.MIT.EDU (Russ Allbery)
Wed Oct 20 13:19:08 2010
From: Russ Allbery <rra@stanford.edu>
To: kerberos@mit.edu
In-Reply-To: <20101020083034.728a0640@willson.li.ssimo.org> (Simo Sorce's
message of "Wed, 20 Oct 2010 08:30:34 -0400")
Date: Wed, 20 Oct 2010 10:19:01 -0700
Message-ID: <87zku8u6ii.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Simo Sorce <ssorce@redhat.com> writes:
> Russ Allbery <rra@stanford.edu> wrote:
>> Heimdal is doing that check, but it's apparently smart enough to ask
>> your KDC and resolve the alias first, so it finds the right principal.
> Or maybe it just tries all the keys regardless of their principal name,
> and if one succedes in decrypting the payload it just uses it.
> It is probably much faster this way.
Oh, good point. You're right, that would be a lot more efficient, and I
don't see any obvious drawback.
--
Russ Allbery (rra@stanford.edu) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos