Sam Hartman (hartmans) wrote,
Sam Hartman

Kerberos Pre-authentication

I may have talked about some of this before, but I cannot find the entry. Back in 2004, I wrote a proposal for how to abstract out Kerberos pre-authentication and how to think about the state model. I gave up on that proposal because it seemed too complicated even for me. I understood what state needed to be captured, but did not understand how you could do anything simple within the framework I created. So I reluctantly gave up on the proposal.

Last year, the issue came up again. Larry Zhu, the lead Kerberos developer from Microsoft wanted to put together some way to accomplish some of the same goals I was talking about in 2004. I told him I'd tried to go down that path and found it too complicated; I sent him my old document so he could see what I ran into. He wrote back and said he really liked what I had written and wanted to work on finishing it. I was dubious that I would like the result.

Now, having reviewed what he's doing and having spent a lot of energy working on the proposal, I think he did find a way around my problems. I'm very excited about what we're doing. Also, working with Larry is a lot of fun. This is more enjoyable because it is creating new technical work. So much of what I do in the IETF is review others' work. It is pleasurable to be working on something of my own from time to time.

Tags: ietf

  • Making our Community Safe: the FSF and rms

    I felt disgust and horror when I learned yesterday that rms had returned to the FSF board. When rms resigned back in September of 2019, I was Debian…

  • Good Job Debian: Compatibility back to 1999

    So, I needed a container of Debian Slink (2.1), released back in 1999. I expected this was going to be a long and involved process. Things didn't…

  • Forged Email

    Last night, a series of forged emails was sent to a number of places around the Debian, Ubuntu and Free Software communities. The meat of the mail…

  • Post a new comment


    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.