On Thu, Oct 26, 2023 at 06:26:18PM -0400, Jeffrey Hutzelman wrote: > The gss-keyex userauth method is just an optimization; it prevents you > having to actually run the GSSAPI exchange again after you've already used > one of the GSSAPI-based keyex methods. The real win is in the GSSAPI-based > keyex methods themselves, which are useful (and exist) because they avoid > having to pick one of these: > > [...]
All true. But you forgot the other benefit: automatic re-delegation of credentials prior to expiration. Nico -- ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos