[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: windows interop



> PA-ENCTYPE-INFO is not the only place where [non-existing in this 
> case] salt appears, it's exposed in PA-PW-SALT on wire

Speaking of which. I've spotted following in 5.2.7.3 of RFC4120:

    "... As
    noted in section 3.1.3, a KDC MUST NOT send PA-PW-SALT when the
    client's AS-REQ includes at least one "newer" etype."

I can't see that 3.1.3 spells it this way though. For reference, 
presence of PA-PW-SALT in AS-REP does not seem to affect interop with 
Vista (which includes "newer" etype). A.