Perhaps a more accurate statement would be no one currently employed by MIT or actively working on the MIT Kerberos code reviewed the patch.
The patch was indeed given to MIT by Microsoft. The patch was examined by two people at MIT and was modified to work with the then current MIT Kerberos release. MIT made the decision not to incorporate the patch because the referral mechanism was not part of the RFC and MIT was/is viewed as the reference implementation. The patch was given to UMich because their domain design required its use (MIT's domain design does not require its use). UMich is the redistribution point for the patch in my opinion and I think they have periodically updated it to remain compatible with the MIT distribution. I believe that UMich and some other sites are using the patch in deployed production systems. Paul -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Creech Sent: Wednesday, September 24, 2003 10:08 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: [windows-hied]: Re: Multiple domain referral patch and Kerberos 1.31 >>>>>> "Ben" == Ben Creech <[EMAIL PROTECTED]> writes: > > Ben> Is anyone using the patch to allow MIT KDCs to use > Ben> Microsoft's trust referral mechanism with Kerberos 1.31? If > Ben> so, do you have any comments on how well or poorly it works? > > No one at MIT has evaluated or looked at the patch. > Ok, now I'm confused as to who wrote the patch. From the previously linked UMICH patch page: "Here is the original patch we received from MIT (believed to be written by Microsoft)" So did someone at MIT just forward the patch without looking at it, or is this statement incorrect? Perhaps you mean no one has looked at the patch *recently*, eg, after UMICH's modifications, or for 1.31? It does look like the patch was written by Microsoft, judging by the (apparently) recent addition of the RealmFlags = 8 bit flag to Microsoft's Kerberos settings. This setting is evidently used to indicate that a non-Microsoft KDC is capable of MS-style transitive trusts - i.e., that it has their referral patch. -++**==--++**==--++**==--++**==--++**==--++**==--++**==--++**== This message was posted through the Stanford campus mailing list server. If you wish to unsubscribe from this mailing list, send the message body of "unsubscribe windows-hied" to [EMAIL PROTECTED] ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
