RFR 8005819: Support cross-realm MSSFU
Osipov, Michael
michael.osipov at siemens.com
Tue Oct 29 15:35:30 UTC 2019
A few questions:
* In handleS4U2ProxyReferral():
> + sname = new PrincipalName(PrincipalName.KRB_NT_PRINCIPAL,
> + sname.getNameStrings(), sname.getRealm());
Why do you use here KRB_NT_PRINCIPAL? Is that the assumption that in AD
all services are bound to regular accounts compared to MIT Kerberos?
client1 at REALM => HTTP/host at REALM where HTTP/host at REALM is bound to
srv$@REALM => postgres/host2 at REALM and the transition is done with
srv$@REALM?
Michael
More information about the security-dev
mailing list