Details

    • Type: Sub-task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 2.0.0-RC1
    • Component/s: None
    • Labels:
      None

      Description

      This is to implement PKINIT pre-authentication mechanism, which can be used to integrate PKI based authentication:
      1. When client certificate is available, it's can be used to authenticate the client to KDC and exchange a TGT.
      2. When client certificate isn't available, but anonymous is allowed, then only KDC server is authenticated to the client and still a TGT can be requested but the principal is the well known name. Such TGT can serve as an armor TGT/key to protect other pre-authentication mechanism.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                drankye Kai Zheng
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: