On 23/07/2011, at 12:22 AM, Nico Williams wrote: > On Fri, Jul 22, 2011 at 7:04 PM, Greg Hudson <[email protected]> wrote: >> On Fri, 2011-07-22 at 18:10 -0400, Nico Williams wrote: >>> Why are you not using the GSS-API? >> >> Chris started out by asking about user-to-user auth, so I didn't >> redirect him to GSSAPI since, as far as I know, GSSAPI doesn't have a >> story there (for the krb5 mech, at least). > > Indeed, the krb5 mech has no story here. I'm thinking we should have > the initiator send a bogus AP-REQ with a new auth-options flag. If > the server understands it it would respond with a KRB-ERROR with the > TGT in the e-data, else with a plain KRB-ERROR.
Hasn't draft-swift-win2k-krb-user2user-03 been shipping since Windows 2000? -- Luke ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
