[16323] in Kerberos-V5-bugs
[krbdev.mit.edu #8814] Listing third-party KDC modules
daemon@ATHENA.MIT.EDU (Greg Hudson via RT)
Mon Jun 10 00:21:44 2019
Mail-followup-to: rt@krbdev.mit.edu
mail-copies-to: never
From: Greg Hudson via RT <rt-comment@KRBDEV-PROD-APP-1.mit.edu>
In-Reply-To: <rt-8814@krbdev.mit.edu>
Message-ID: <rt-8814-49479.14.9207154600905@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #8814'":;
Date: Mon, 10 Jun 2019 00:21:36 -0400
MIME-Version: 1.0
Reply-To: rt-comment@KRBDEV-PROD-APP-1.mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krb5-bugs-bounces@mit.edu
I am not sure what the Samba roadmap entry is referring to. The MIT
KDC has supported within-realm S4U2Self since release 1.8. In release
1.17, the KDC supports cross-realm S4U2Self, if the KDB module issues
appropriate realm referrals. This KDC work was done by a Samba
developer, so it is my understanding that the Samba KDB module can
issue those referrals.
(There is another S4U2Self case where the client is identified by X.509
certificate instead of principal name. This case will be supported in
release 1.18, provided that the KDB module implements a new lookup
function.)
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
