[15775] in Kerberos_V5_Development
Re: Proper way to do logging (KDC) from preauth plugin?
daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon May 10 05:17:07 2010
From: Sam Hartman <hartmans@mit.edu>
To: Jeff Blaine <jblaine@kickflop.net>
Date: Mon, 10 May 2010 05:16:58 -0400
In-Reply-To: <tslr5lmmvfe.fsf@mit.edu> (Sam Hartman's message of "Sat, 08 May
2010 08:26:13 -0400")
Message-ID: <tslbpcouned.fsf@mit.edu>
MIME-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>>>>> "Sam" == Sam Hartman <hartmans@MIT.EDU> writes:
Sam> It does. What a bad idea; I wish I had realized that when I
Sam> originally reviewed that code. (The general idea seems sound,
Sam> but it's sort of at the wrong level.) I'm sorry I didn't
Sam> remember. _______________________________________________
Actually, does PA_REQUIRED actually require that the client include that
particular pa type or simply require that if present it must succeed?
If the semantics are:
1) advertize in list
2) If client includes pa type then it must succeed
3) If PREAUTH_REQUIRED set then the client must include some PA_REQUIRED
or PA_SUFFICIENT type
that seems fine.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev