[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Initial version of PKCROSS implementation
--On Friday, March 28, 2008 03:07:58 PM +0900 KAMADA Ken'ichi
<kamada@nanohz.org> wrote:
> Hello all,
>
> I have put the initial version of our PKCROSS implementation for
> Heimdal at <http://www.taca.jp/krb-cross-realm/pkcross-heimdal.html>.
>
> This is a patch for Heimdal 1.0.1 in the svn repository
> <svn://svn.h5l.se/heimdal/tags/heimdal-release/heimdal-1.0.1>,
> *not for the released tar ball*.
>
> Please note that a serious deployment is premature, because some
> incompatible changes are expected in accordance with the progress of
> standardization.
> - The format of ticket extensions is tentative and will be changed.
In fact, one of the reasons no serious work has been done on PKCROSS in
some time is that it requires ticket extensions and the current Kerberos
protocol does not have them. At this point, I think it is somewhat likely
that the form of ticket extensions we end up with will be significantly
different from what was envisioned when PKCROSS was being worked on.
-- Jeff