[16471] in Kerberos_V5_Development
Re: X-CACHECONF in cache type 0504
daemon@ATHENA.MIT.EDU (Tim Alsop)
Thu Nov 18 14:23:32 2010
From: Tim Alsop <Tim@cybersafe.com>
To: Greg Hudson <ghudson@mit.edu>, Tim Alsop <Tim@cybersafe.com>
Date: Thu, 18 Nov 2010 19:00:08 +0000
Message-ID: <C90B281A.27710%Tim.Alsop@CyberSafe.com>
In-Reply-To: <1290106601.2633.1217.camel@ray>
Content-Language: en-US
MIME-Version: 1.0
Cc: "krbdev@MIT.EDU" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Greg,
Is it possible that the MIT klist is not showing the extra entry ? We are
not using MIT klist, which might be why we see it ?
Just a thought.
Thanks,
Tim
On 18/11/2010 18:56, "Greg Hudson" <ghudson@mit.edu> wrote:
>On Thu, 2010-11-18 at 13:27 -0500, Tim Alsop wrote:
>> How do you explain this extra cache entry if Active Directory is being
>> used, which is not supporting FAST ?
>
>We write that config entry if the encrypted padata response from the KDC
>contains a padata element of type 136 (PA-FX-FAST).
>
>When I kinit against an old MIT KDC, or against the AD 2003 KDC we have
>here, the code does not see such a padata element and does not write the
>config entry. Without further investigation on your end, I cannot
>explain why you are seeing the config entry in your tests.
>
>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
