On Thu, 2011-07-28 at 19:19 -0400, Chris Hecker wrote: > Hmm, digging deeper, the krb5_rd_req_decoded(_anyflag) functions are in > k5-int.h, and are only called from a couple places throughout all the > code. I could easily have them leave client even on failure
I assume you mean krb5_rd_req_decoded would set the ticket output value in cases where it decrypts and decodes successfully but doesn't validate? I think that would be acceptable, and there even seems to be KDC code to handle this case. I think it would be possible to log the server name as well, since that's just sitting in the request structure. I know that's less interesting to you. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
