No referral is issued unless the client sets the KDC_OPT_NAME_CANONICALI ZE option flag in the TGS request. So a client should never get a referral that is unexpected.
I'm not sure about the cross-realm interaction since no MIT client ever sets the flag. K.C. > Concerns I'd have--and note that these are simply concerns I'd have > before integrating the patch. The Kerberos working group has decided > this is the direction we're going in. > > How do MIT clients deal with getting a referal they are not expecting? > > How does this interact with the client-side cross-realm logic in MIT > clients? > > ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
