[38696] in Kerberos
Re: referrals and canonicalization
daemon@ATHENA.MIT.EDU (Isaac Boukris)
Fri Feb 28 04:59:24 2020
MIME-Version: 1.0
In-Reply-To: <CAP9ATsKneJgihGtuycV_E1Rar8A5k5Uio-qYvkDi5neAbf=m7Q@mail.gmail.com>
From: Isaac Boukris <iboukris@gmail.com>
Date: Fri, 28 Feb 2020 10:58:49 +0100
Message-ID: <CAC-fF8SJr5n_mUyrb8yST9-_Ezx-LjXxXQwh=x0p_0xkiqrZqg@mail.gmail.com>
To: Ben Gooley <bgooley@cloudera.com>
Cc: kerberos <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thu, Feb 27, 2020 at 8:36 PM Ben Gooley <bgooley@cloudera.com> wrote:
>
> Thanks... for reference, Java enabled both referrals and canonicalization requests by its clients in recent releases of OpenJDK:
> https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8223172
Thanks, interesting read.
(for example, this quote: Principal name changes are allowed in AS-REQ
responses only if 1) *canonicalize* option was set in the AS-REQ
request, 2) PA-REQ-ENC-PA-REP pre-authentication data was sent in the
AS-REQ response (meaning the server supports [RFC 6068][1] FAST
scheme) and 3) the authenticated checksum is correct.)
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
