c2e2de7384
RFC6112 provides a method of computing a session key when the PKINIT DH is used, and mandates it for anonymous pkinit. The session key is computed using KRB-FX-CF2 from the reply key and a random key chosen by the kdc. The random key is provided to the client, which is supposed to verify that the session key was computed this way.
Heimdal is a Kerberos 5 implementation. For information how to install see <http://www.h5l.org/compile.html>. There are briefer man pages for most of the commands. Bug reports and bugs are appreciated, see more under Bug reports in the manual on how we prefer them: <heimdal-bugs@h5l.org>. For more information see the web-page at <http://www.h5l.org/> or the mailing lists: heimdal-announce@sics.se low-volume announcement heimdal-discuss@sics.se high-volume discussion send a mail to heimdal-announce-request@sics.se and heimdal-discuss-request@sics.se respectively to subscribe.