[15723] in Kerberos_V5_Development
Re: preauth (I'm a Roomba in a 2'x2' room)
daemon@ATHENA.MIT.EDU (Jeff Blaine)
Wed Apr 28 17:54:15 2010
Message-ID: <4BD8AE84.6030103@kickflop.net>
Date: Wed, 28 Apr 2010 17:54:12 -0400
From: Jeff Blaine <jblaine@kickflop.net>
MIME-Version: 1.0
To: "krbdev@mit.edu" <krbdev@mit.edu>
In-Reply-To: <4BD7A344.4060801@kickflop.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
I found this today in draft-ietf-krb-wg-preauth-framework-16
> 3.2. Initial Pre-authentication Required Error
>
> ...
> The KDC needs to choose which mechanisms to offer the client. The
> client needs to be able to choose what mechanisms to use from the
> first message. For example consider the KDC that will accept
> mechanism A followed by mechanism B or alternatively the single
> mechanism C. A client that supports A and C needs to know that it
> should not bother trying A.
>
> Mechanisms can either be sufficient on their own or can be part
> of an authentication set--a group of mechanisms that all need to
> successfully complete in order to authenticate a client.
> ...
So clearly this has been thought of. Do we just say that
MIT Kerberos does not support this draft yet? Or do we just
say that the statements above are purely hypothetical and
not part of the real draft's intended scope?
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev