On Mon, 2016-12-12 at 09:42 +0100, Christian Heimes wrote: > Hi Simo, > > I'm wondering if we need to change kdcproxy for anon pkinit. What kind > of Kerberos requests are performed by anon pkinit and to establish a > FAST tunnel? python-kdcproxy allows only request types AS-REQ, TGS-REQ > and AP-REQ+KRB-PRV. Responses are not filtered.
No changes needed, we only use AS and TGS request types. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code