Re: pam_krb5 with PKINIT from Heimdal and MIT
- To: Nalin Dahyabhai <nalin@redhat.com>
- Subject: Re: pam_krb5 with PKINIT from Heimdal and MIT
- From: Nicolas Williams <Nicolas.Williams@sun.com>
- Date: Thu, 12 Oct 2006 16:13:06 -0500
- Cc: "Douglas E. Engert" <deengert@anl.gov>, Björn Torkelsson <torkel@hpc2n.umu.se>, Russ Allbery <rra@stanford.edu>, heimdal-discuss@sics.se, Kevin Coffman <kwc@citi.umich.edu>, Matthijs Mohlmann <matthijs@cacholong.nl>, Jim Rees <rees@citi.umich.edu>, "'krbdev@mit.edu'" <krbdev@mit.edu>
On Thu, Oct 12, 2006 at 04:12:42PM -0400, Nalin Dahyabhai wrote:
> The libkrb5 side of things goes through the list of preauth types
> suggested by the KDC, and the first preauth type for which it's able to
> obtain data is deemed good enough to fire off a request to the KDC.
In what order are the pre-auths attempted?
If we agree that PADATA should be considered to be unordered then a
client-side pre-auth preference/precedence order seems necessary.
Nico
--
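Added example, not part of the original message and not libkrb5 or pam_krb5 code: a small C model of the two selection policies discussed above, showing that "first usable type in the KDC's list" changes with the list order while a client-side preference list does not. The struct, function names and sample lists are hypothetical; the PA-DATA type numbers are the ones assigned in RFC 4120 and RFC 4556.

```c
#include <stdio.h>
#include <stddef.h>

/* PA-DATA type numbers from RFC 4120 and RFC 4556. */
enum { PA_ENC_TIMESTAMP = 2, PA_PK_AS_REQ = 16, PA_ETYPE_INFO2 = 19 };

/* Hypothetical stand-in for "is the client able to obtain data for this type?" */
struct client_caps { int have_password; int have_pkinit_cert; };

static int can_produce(const struct client_caps *c, int pa_type) {
    switch (pa_type) {
    case PA_ENC_TIMESTAMP: return c->have_password;
    case PA_PK_AS_REQ:     return c->have_pkinit_cert;
    default:               return 0; /* hint-only or unknown types */
    }
}

/* Behaviour described in the quoted text: walk the KDC's list, first usable type wins. */
int select_first_usable(const int *kdc, size_t n, const struct client_caps *c) {
    for (size_t i = 0; i < n; i++)
        if (can_produce(c, kdc[i])) return kdc[i];
    return -1;
}

/* Alternative raised in the reply: the KDC's list is an unordered set and the
 * client's own preference list decides. */
int select_by_preference(const int *kdc, size_t n, const int *pref, size_t np,
                         const struct client_caps *c) {
    for (size_t p = 0; p < np; p++) {
        if (!can_produce(c, pref[p])) continue;
        for (size_t i = 0; i < n; i++)
            if (kdc[i] == pref[p]) return pref[p];
    }
    return -1;
}

/* Constructed sample data: the same three types in two different KDC orders. */
const int kdc_a[3] = { PA_ETYPE_INFO2, PA_ENC_TIMESTAMP, PA_PK_AS_REQ };
const int kdc_b[3] = { PA_PK_AS_REQ, PA_ETYPE_INFO2, PA_ENC_TIMESTAMP };
const int pref[2]  = { PA_PK_AS_REQ, PA_ENC_TIMESTAMP };
const struct client_caps both = { 1, 1 }, pw_only = { 1, 0 };

int main(void) {
    printf("first-usable: a=%d b=%d\n", select_first_usable(kdc_a, 3, &both),
           select_first_usable(kdc_b, 3, &both));
    printf("preference:   a=%d b=%d\n", select_by_preference(kdc_a, 3, pref, 2, &both),
           select_by_preference(kdc_b, 3, pref, 2, &both));
    return 0;
}
```

With both a password and a PKINIT certificate available, the first policy picks a different mechanism for each list order, while the preference-based policy picks PKINIT for both and falls back to encrypted timestamp only when no certificate is available.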