[15775] in Kerberos_V5_Development

home help back first fref pref prev next nref lref last post

Re: Proper way to do logging (KDC) from preauth plugin?

daemon@ATHENA.MIT.EDU (Sam Hartman)
Mon May 10 05:17:07 2010

From: Sam Hartman <hartmans@mit.edu>
To: Jeff Blaine <jblaine@kickflop.net>
Date: Mon, 10 May 2010 05:16:58 -0400
In-Reply-To: <tslr5lmmvfe.fsf@mit.edu> (Sam Hartman's message of "Sat, 08 May
	2010 08:26:13 -0400")
Message-ID: <tslbpcouned.fsf@mit.edu>
MIME-Version: 1.0
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

>>>>> "Sam" == Sam Hartman <hartmans@MIT.EDU> writes:

    Sam> It does.  What a bad idea; I wish I had realized that when I
    Sam> originally reviewed that code.  (The general idea seems sound,
    Sam> but it's sort of at the wrong level.)  I'm sorry I didn't
    Sam> remember.  _______________________________________________


Actually, does PA_REQUIRED actually require that the client include that
particular pa type or simply require that if present it must succeed?
If the semantics are:
1) advertize in list
2) If client includes pa type then it must succeed
3) If PREAUTH_REQUIRED set then the client must include some PA_REQUIRED
or PA_SUFFICIENT type

that seems fine.
_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev

home help back first fref pref prev next nref lref last post