[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mod_auth_kerb and Heimdal KDC

On 22 Aug 2002, Johan Danielsson wrote:

> You mean http://www.ietf.org/rfc/rfc2712.txt?

RFC2712 is somewhat flawed. In particular, it doesn't provide enough
information about data types to construct interoperable implementations.
A while back, I wrote an implementation for Mozilla, and collaborated with
making the OpenSSL implementation work with it. I believe that the OpenSSL
stuff will be shipping with their next release. We also wrote some notes
on the data encoding assumptions we made.

However, there is an internet draft which is aimed at obsoleting 2712,
which has the advantage of using complete Kerberos data structures within
the SSL handshakes. Implementation is a touch more complex, however.