RE: Anonymous PKINIT signatures

2016-07-21 Thread Li, Jiajia
Hi Colm,
>> >However, I can't see where it is signing the response with the private key
>> >associated with the KDC. This is a requirement for anonymous PKINIT
Yes, you are right. The "Identity" should be used in anonymous PKINIT. But now in client PkinitPreauth, start from line 393, we skip to

Anonymous PKINIT signatures

2016-07-21 Thread Colm O hEigeartaigh
Hi all, I'm continuing to look at anonymous PKINIT as implemented in Kerby. I'm a bit puzzled by a few things relating to signatures and would welcome some feedback. Looking at the server PkinitPreauth, it appears that Diffie-Hellman is used to establish a shared secret key with the client. Howev

RE: JWT pre-authentication - get JWT token on service side

2016-07-21 Thread Zheng, Kai
>> I'm not convinced that the authorization data should be copied from TGT to
>> Service Ticket.
I do believe so. If authz data can't be carried thru TGT to service ticket, how is the server to get authz data in the Kerberos domain? @Richard, could you help clarify about this? I believe you have the expe

RE: Certificate Encoding

2016-07-21 Thread Li, Jiajia
Hi Colm,
You can change it, I think it will not break other works.
Thanks
Jiajia
-Original Message-
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Thursday, July 21, 2016 4:38 PM
To: Li, Jiajia
Cc: Zheng, Kai ; kerby@directory.apache.org
Subject: Re: Certificate Encoding

Re: Certificate Encoding

2016-07-21 Thread Colm O hEigeartaigh
Will you make this change Jiajia, or do you want me to do it?
Colm.
On Mon, Jul 18, 2016 at 12:00 PM, Colm O hEigeartaigh wrote:
> Yes that's right.
>
> Colm.
>
> On Fri, Jul 15, 2016 at 2:08 AM, Li, Jiajia wrote:
>
>> I think "remove the line in Extension.java to set critical " can solve
>> t