[16468] in Kerberos_V5_Development
Re: X-CACHECONF in cache type 0504
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Nov 18 13:18:44 2010
From: Greg Hudson <ghudson@mit.edu>
To: Frank Cusack <frank+krb@linetwo.net>
In-Reply-To: <A582E1F3D03788137B5BF9E5@cusack.local>
Date: Thu, 18 Nov 2010 13:18:40 -0500
Message-ID: <1290104320.2633.1199.camel@ray>
Mime-Version: 1.0
Cc: "krbdev@MIT.EDU" <krbdev@mit.edu>, Tim Alsop <tim@cybersafe.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Thu, 2010-11-18 at 13:07 -0500, Frank Cusack wrote:
> I find it interesting that kinit puts this info in the ccache and
> kinit -R removes it.
That's an implementation imperfection, but it's not terribly important
just yet. The config entry is used to determine whether the KDC has
FAST support, and is currently only used when the caller supplies an
armor ccache to krb5_get_init_creds. We don't really expect people to
use renewed credentials as armor ccaches.
When we implement client-side FAST TGS support it will probably become
relevant.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
