[32568] in Kerberos


RE: Microsoft Active Directory / PKINIT

daemon@ATHENA.MIT.EDU (Tim Alsop)
Thu Aug 12 18:18:57 2010

From: Tim Alsop <Tim@cybersafe.com>
To: Greg Hudson <ghudson@mit.edu>
Date: Thu, 12 Aug 2010 20:44:47 +0100
Message-ID: <1A136DCE57F98F4B8BAB5FFC69C8E6DAD107466B51@exchange.cybersafe.local>
In-Reply-To: <1281640491.8066.835.camel@ray>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>

Greg,

Thank you. I hoped this was the case, but wasn't sure.

Regards,
Tim

-----Original Message-----
From: Greg Hudson [mailto:ghudson@mit.edu] 
Sent: 12 August 2010 20:15
To: Tim Alsop
Cc: kerberos@mit.edu
Subject: Re: Microsoft Active Directory / PKINIT

On Thu, 2010-08-12 at 07:26 -0400, Tim Alsop wrote:
> Also, I am interested to know about interoperability between the
> draft-9 implementation and the RFC 4556 implementation. For example, 
> does the PKINIT included in the MIT code, which is RFC compliant,
> interoperate with MS AD (draft-9)?

The PKINIT code in MIT krb5 attempts to interoperate with MS AD, and to the best of my knowledge does so, although we don't regularly test that scenario.

(That's the result of a lot of deliberate code, though; draft-9 and the RFC implementation are not interoperable, and I believe they use different preauth codes as a result of there being draft-9 implementations in the field.)



________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
