Public Key Interoperability Between DCE Versions
The following table describes how login requests are handled between different versions of DCE that are in a single cell.
DCE Version 1.1/Pre-DCE Version 1.1 Authentication Interoperation
| Login Request Type | Pre-1.1 Server Response | Versions 1.1 and 1.2 Server Response |
| DCE Version 1.0 From any client. |
No preauthentication. Returns DCE Version 1.0 (unpreauthenticated) response. | Preauthentication. Checks for pre_auth_req ERA instance: If no ERA exists, or existing ERA has value=0 (NONE), returns DCE Version 1.0 (unpreauthenticated) response. Otherwise, rejects login request. |
| TIMESTAMPS From DCE Version 1.1 and greater clients. |
No preauthentication. Ignores preauthentication data in request and returns pre-DCE Version 1.1 (unpreauthenticated) response. | Preauthentication. Checks for pre_auth_req ERA instance: If no ERA exists, or existing ERA has value=0 (NONE) or value=1 (PADATA-ENC-TIMESTAMPS), returns DCE Version 1.1 TIMESTAMPS response. If existing ERA has value=2 (PADATA-ENC-THIRD-PARTY), rejects login request. |
| THIRD-PARTY From DCE Version 1.1 and greater clients. |
No preauthentication. Ignores preauthentication data in request and returns pre-DCE Version 1.1 (unpreauthenticated) response. | Preauthentication. Returns DCE Version 1.1 THIRD-PARTY response. |
| PUBLIC KEY From DCE Version 1.2 clients. |
No preauthentication. Ignores preauthentication data in request and returns pre-DCE Version 1.1 (unpreauthenticated) response. | 1.1 Server Response: No preauthentication. Ignores preauthentication data in request and returns pre-DCE Version 1.1 (unpreauthenticated) response: Preauthentication. Returns DCE Version 1.2 PUBLIC KEY response. |