Subject: | updated CFX spec: no unknown token ids; extensions after KRB-CRED |
Looks like the CFX spec is changing. The unknown token id support
(including the returned CONTINUE_NEEDED status and KRB-ERROR token) is
likely to be going away, and in its place, the so-called "checksum" in
the AP-REQ will have an extension field after the Flags or Delegation
fields, which a plain CFX (i.e., not newer than CFX) server must ignore.
(including the returned CONTINUE_NEEDED status and KRB-ERROR token) is
likely to be going away, and in its place, the so-called "checksum" in
the AP-REQ will have an extension field after the Flags or Delegation
fields, which a plain CFX (i.e., not newer than CFX) server must ignore.