[16431] in Kerberos_V5_Development
Re: Implementing a multi-round trip preauthentication method
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Oct 6 10:06:53 2010
From: Sam Hartman <hartmans@mit.edu>
To: Alejandro Perez Mendez <alex@um.es>
Date: Wed, 06 Oct 2010 10:06:45 -0400
In-Reply-To: <4CAC78BE.4020103@um.es> (Alejandro Perez Mendez's message of
"Wed, 06 Oct 2010 15:25:18 +0200")
Message-ID: <tslbp77l8ju.fsf@live.suchdamage.org>
MIME-Version: 1.0
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>>>>> "Alejandro" == Alejandro Perez Mendez <alex@um.es> writes:
Alejandro> Hello Sam, thanks for your quick a complete
Alejandro> response. Actually, I don't want to use FAST.
Alejandro> As you mentioned, I saw that there exists a preauth
Alejandro> plugin interface with some preauth_plugins, so I could
Alejandro> take one of them and use it as a template to build
Alejandro> mine. I also saw that within this interface there is a
Alejandro> try_again() method defined that is called when an error
Alejandro> is received from the KDC. I could use that function to
Alejandro> send the next request when
Alejandro> KDC_ERR_MORE_PREAUTH_DATA_NEEDED is received from the
Alejandro> KDC. Am I right?
If you do this, your plugin will probably break when we add real support for
multi-round-trip mechanisms.
However, besides that, I think you'll probably be OK on the client.
That won't really help with the KDC.
What preauth interface are you implementing? I've already talked to a
group from your university about preauth for EAP.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
