lördag 27 september 2008

Kerberos ticket extentions

Last Sunday I updated the draft Kerberos ticket extensions to version -02.

Ticket extentions are to enable PK-CROSS and other applications that want to send clear text data in the ticket between the KDC and the server.

The update included and extension to the Kerberos protocol, a much cleaner extention protocol wise, at the same time it requires update clients. The reason I did both was the comment from Ken Raeburn that though the new protocol was horrible (which it is) and Kerberos should stay pretty, so I made the protocol stay pretty.

There is still the issue with protection, may I just should just give up making it truly extensionally and just include a checksum using the same key as the Ticket.enc-data is encrypted with.

Inga kommentarer:

Skicka en kommentar