[32565] in Kerberos
Re: Microsoft Active Directory / PKINIT
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Aug 12 15:14:58 2010
From: Greg Hudson <ghudson@mit.edu>
To: Tim Alsop <Tim@cybersafe.com>
In-Reply-To: <1A136DCE57F98F4B8BAB5FFC69C8E6DAD107466B43@exchange.cybersafe.local>
Date: Thu, 12 Aug 2010 15:14:51 -0400
Message-ID: <1281640491.8066.835.camel@ray>
Mime-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thu, 2010-08-12 at 07:26 -0400, Tim Alsop wrote:
> Also, I am interested to know about interoperability between the
> draft-9 implementation and the RFC 4556 implementation. For example,
> does the PKINIT included in the MIT code, which is RFC compliant
> interoperate with MS AD (draft-9) ?
The PKINIT code in MIT krb5 attempts to interoperate with MS AD, and to
the best of my knowledge does so, although we don't regularly test that
scenario.
(That's the result of a lot of deliberate code, though; draft-9 and the
RFC implementation are not interoperable, and I believe they use
different preauth codes as a result of there being draft-9
implementations in the field.)
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
