Re: KRB5KRB_AP_ERR_MODIFIED during protocol transition

[Love Hörnquist Åstrand <lha@kth.se>]

>>> I only seem to need Constrained Delegation,
>
> You are right, it should only need the Constrained Delegation bit.  
> I did not
> try it without the other options, so did not want to speculate.
>
>> however, but there is the  confusion
>> if its bit 14 or bit 16. bit 16 doesnt work, but bit 14 seems to be
>> claimed for anonymous support...
>
> Bit 14 defn works, I don't know what bit 16 is though. Newer  
> versions of
> wireshark (I am using (0.99.5) understands this bit and describes  
> it as
> 'Constrained Delegation'. I checked RFC 4120 and it does not  
> specify either.
> Can you point me to some document that discuss one over the other.

rfc1510 bis and ter seems to contain it

http://www3.ietf.org/proceedings/02jul/I-D/draft-ietf-krb-wg-kerberos- 
clarifications-00.txt
http://www.ietf.org/proceedings/05mar/IDs/draft-ietf-krb-wg- 
rfc1510ter-00.txt

But I have no idea why it didn't make it to rfc4120

Also draft-ietf-krb-wg-anon-00.txt talks about anonymous.

Love