[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: windows interop

To: heimdal-discuss@sics.se
Subject: Re: windows interop
From: Andy Polyakov <appro@fy.chalmers.se>
Date: Fri, 14 Dec 2007 13:38:39 +0100
In-Reply-To: <47624715.10405@fy.chalmers.se>
List-Archive: <http://list.sics.se/sympa/arc/heimdal-discuss>
List-Help: <mailto:sympa@sics.se?subject=help>
List-Id: <heimdal-discuss.sics.se>
List-Owner: <mailto:heimdal-discuss-request@sics.se>
List-Post: <mailto:heimdal-discuss@sics.se>
List-Subscribe: <mailto:sympa@sics.se?subject=subscribe%20heimdal-discuss>
List-Unsubscribe: <mailto:sympa@sics.se?subject=unsubscribe%20heimdal-discuss>
References: <47615425.4000009@fy.chalmers.se> <2E539AE1-4C10-4BF5-BB47-A4DE50C240E9@jpl.nasa.gov> <47624715.10405@fy.chalmers.se>
Reply-To: heimdal-discuss@sics.se, Andy Polyakov <appro@fy.chalmers.se>
User-Agent: Thunderbird 2.0.0.9 (X11/20071031)

> PA-ENCTYPE-INFO is not the only place where [non-existing in this 
> case] salt appears, it's exposed in PA-PW-SALT on wire

Speaking of which. I've spotted following in 5.2.7.3 of RFC4120:

    "... As
    noted in section 3.1.3, a KDC MUST NOT send PA-PW-SALT when the
    client's AS-REQ includes at least one "newer" etype."

I can't see that 3.1.3 spells it this way though. For reference, 
presence of PA-PW-SALT in AS-REP does not seem to affect interop with 
Vista (which includes "newer" etype). A.

References:
- windows interop
  - From: Andy Polyakov <appro@fy.chalmers.se>
- Re: windows interop
  - From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
- Re: windows interop
  - From: Andy Polyakov <appro@fy.chalmers.se>

Prev by Date: Re: CAC authentication to @mil via subordinate domain w/ heimdal
Next by Date: RE: GSSAPI and realm lookup hook
Prev by thread: Re: windows interop
Next by thread: Listing of anesthesiologists and 34 more specialties
Index(es):
- Date
- Thread