[16472] in Kerberos_V5_Development
Re: X-CACHECONF in cache type 0504
daemon@ATHENA.MIT.EDU (Tim Alsop)
Thu Nov 18 14:23:32 2010
From: Tim Alsop <Tim@cybersafe.com>
To: Greg Hudson <ghudson@mit.edu>, Tim Alsop <Tim@cybersafe.com>
Date: Thu, 18 Nov 2010 18:58:45 +0000
Message-ID: <C90B27A5.2770A%Tim.Alsop@CyberSafe.com>
In-Reply-To: <1290106601.2633.1217.camel@ray>
Content-Language: en-US
MIME-Version: 1.0
Cc: "krbdev@MIT.EDU" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
We are using MS AD 2003 with latest fixes applied. Maybe MS have added
FAST support ???
Maybe we will run wireshark trace to see what is happening.
Thanks
Tim
On 18/11/2010 18:56, "Greg Hudson" <ghudson@mit.edu> wrote:
>On Thu, 2010-11-18 at 13:27 -0500, Tim Alsop wrote:
>> How do you explain this extra cache entry if Active Directory is being
>> used, which is not supporting FAST ?
>
>We write that config entry if the encrypted padata response from the KDC
>contains a padata element of type 136 (PA-FX-FAST).
>
>When I kinit against an old MIT KDC, or against the AD 2003 KDC we have
>here, the code does not see such a padata element and does not write the
>config entry. Without further investigation on your end, I cannot
>explain why you are seeing the config entry in your tests.
>
>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
