On Nov 9, 2005, at 21:19, Saber Zrelli wrote:
I read this draft and I am trying to understand how referrals work.
In section 8. "Cross realm routingi", It is said that for server
referrals, the KDC takes in charge the optimization of the referral
path because it has more information about cross-realm routing.
Does this mean that the KDC will provide the client with a TGT and
the target realm (where the service is located) in the
PA-SERVER-REFERRAL of the reply ?
That's sort of the idea, yes. Though Larry Zhu and I were discussing
today what happens if the local KDC has no cross-realm key for the
target realm, but can refer you to an intermediate realm which may
not be able to do referrals; I think the draft is going to need some
work to cover that case.
Ken
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
