Re: Initial version of PKCROSS implementation

[Jeffrey Hutzelman <jhutz@cmu.edu>]

--On Friday, March 28, 2008 03:07:58 PM +0900 KAMADA Ken'ichi 
<kamada@nanohz.org> wrote:

> Hello all,
>
> I have put the initial version of our PKCROSS implementation for
> Heimdal at <http://www.taca.jp/krb-cross-realm/pkcross-heimdal.html>.
>
> This is a patch for Heimdal 1.0.1 in the svn repository
> <svn://svn.h5l.se/heimdal/tags/heimdal-release/heimdal-1.0.1>,
> *not for the released tar ball*.
>
> Please note that a serious deployment is premature, because some
> incompatible changes are expected in accordance with the progress of
> standardization.
> - The format of ticket extensions is tentative and will be changed.

In fact, one of the reasons no serious work has been done on PKCROSS in 
some time is that it requires ticket extensions and the current Kerberos 
protocol does not have them.  At this point, I think it is somewhat likely 
that the form of ticket extensions we end up with will be significantly 
different from what was envisioned when PKCROSS was being worked on.

-- Jeff