[16469] in Kerberos_V5_Development
Re: X-CACHECONF in cache type 0504
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Nov 18 13:56:45 2010
From: Greg Hudson <ghudson@mit.edu>
To: Tim Alsop <Tim@cybersafe.com>
In-Reply-To: <C90B1FE1.276F9%Tim.Alsop@CyberSafe.com>
Date: Thu, 18 Nov 2010 13:56:41 -0500
Message-ID: <1290106601.2633.1217.camel@ray>
Mime-Version: 1.0
Cc: "krbdev@MIT.EDU" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Thu, 2010-11-18 at 13:27 -0500, Tim Alsop wrote:
> How do you explain this extra cache entry if Active Directory is being
> used, which is not supporting FAST ?
We write that config entry if the encrypted padata response from the KDC
contains a padata element of type 136 (PA-FX-FAST).
When I kinit against an old MIT KDC, or against the AD 2003 KDC we have
here, the code does not see such a padata element and does not write the
config entry. Without further investigation on your end, I cannot
explain why you are seeing the config entry in your tests.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
