Received: from konishi-polis.mit.edu (STRATTON-FORTY-THREE.MIT.EDU [18.187.5.43]) by krbdev.mit.edu (8.9.3p2) with ESMTP id TAA20654; Wed, 11 Feb 2004 19:44:36 -0500 (EST)
Received: by konishi-polis.mit.edu (Postfix, from userid 8042) id C0F5015201C; Wed, 11 Feb 2004 19:41:50 -0500 (EST)
To: "Douglas E. Engert" <deengert@anl.gov>
Cc: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2110] MIT KDC fails to handle unknown padata
References: <rt-2110-9806.8.25225654970339@krbdev.mit.edu> <402ABB1A.10E4A29D@anl.gov>
From: Sam Hartman <hartmans@mit.edu>
Date: Wed, 11 Feb 2004 19:41:50 -0500
In-Reply-To: <402ABB1A.10E4A29D@anl.gov> (Douglas E. Engert's message of "Wed, 11 Feb 2004 17:30:34 -0600")
Message-Id: <tslr7x1jfht.fsf@konishi-polis.mit.edu>
User-Agent: Gnus/5.1002 (Gnus v5.10.2) Emacs/21.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
RT-Send-Cc: 
X-RT-Original-Encoding: us-ascii
Content-Length: 288

>>>>> "Douglas" == Douglas E Engert <deengert@anl.gov> writes:


    Douglas> If preauth is required, a krb-error SHOULD be sent saying
    Douglas> which preauths can be used.

That's not how Kerberos works.  Se section 2 of
draft-ietf-krb-wg-preauth-framework-00.txt for a discussion.