[Freeipa-devel] Anonymous PKINIT and kdcproxy
Simo Sorce
simo at redhat.com
Mon Dec 12 10:17:45 UTC 2016
On Mon, 2016-12-12 at 09:42 +0100, Christian Heimes wrote:
> Hi Simo,
>
> I'm wondering if we need to change kdcproxy for anon pkinit. What kind
> of Kerberos requests are performed by anon pkinit and to establish a
> FAST tunnel? python-kdcproxy allows only request types AS-REQ, TGS-REQ
> and AP-REQ+KRB-PRV. Responses are not filtered.
No changes needed, we only use AS and TGS request types.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list