I'd prefer client MAY mutual auth rather than client SHOULD NOT mutual auth.
If the server does not implement gss-keyex then a sufficiently clever client can get some of the benefits of gss-keyex in some situations by requesting mutual. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
