[
https://issues.apache.org/jira/browse/DIRKRB-127?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14572023#comment-14572023
]
Kai Zheng commented on DIRKRB-127:
----------------------------------
Thanks Jiajia for this great work! The patch looks great, just a comment: looks
like we missed to check the target service specified in token audience should
match with the target server principal for the service ticket request or
TGS-REQ?
> Implementing the TokenPreauth Access Token profile
> --------------------------------------------------
>
> Key: DIRKRB-127
> URL: https://issues.apache.org/jira/browse/DIRKRB-127
> Project: Directory Kerberos
> Issue Type: Sub-task
> Reporter: Kai Zheng
> Assignee: Jiajia Li
> Attachments: DIRKRB-127-v1.patch
>
>
> This is to implement the Access Token profile based on the token-preauth
> mechanism defined in the draft. Ref. docs/accesstoken-profile.pdf. The
> resultant work is only for experimental usage can only be promoted for
> production when the draft is finally passed. Currently we're collaborating
> with MIT Kerberos team discussing thru the spec but due to the low priority
> it's running very slow. By this implementation and possible POCs good
> experience can be obtained as feedback to refine the draft.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
