
Re: mod_auth_kerb and Heimdal KDC



Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:

> I sure hope your Kerberos implementation includes a replay cache
> ... if it does, then this can't happen.

I think this is just a workaround for broken protocols. Require the
client (and server) to use the session key, and you're pretty safe.

Even if you can't replay old creds, you can still hijack the session.

/Johan
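The two positions in this exchange, modelled in code: a replay cache stops an old authenticator from being accepted twice (Ken's point), but unless the traffic that follows authentication is itself keyed to the session key, an attacker who has sniffed the connection can still inject requests into it (Johan's point). This is an added toy example, not code from this thread, from Heimdal or from mod_auth_kerb; the "authenticator" (an HMAC over a timestamp), the set used as a replay cache, the sequence-numbered per-message MAC and the tuple message formats are all assumed simplifications, and the sample requests are constructed.

```python
"""Toy model: replay cache vs. binding the session to the session key.

Constructed example, not Kerberos: the authenticator is an HMAC over a
timestamp, the replay cache is a set, and post-authentication traffic is
either left unkeyed (hijackable) or MAC'd under the session key with a
sequence number (neither hijackable nor replayable).
"""
import hashlib
import hmac
import os
import time


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over the joined parts (assumed MAC construction)."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class Server:
    def __init__(self, session_key: bytes, bind_to_session_key: bool):
        self.key = session_key
        self.bind = bind_to_session_key
        self.replay_cache = set()      # authenticators already accepted
        self.authenticated = False
        self.next_seq = 0

    def accept_authenticator(self, auth):
        ts, tag = auth
        if not hmac.compare_digest(tag, mac(self.key, b"auth", ts)):
            return "bad-authenticator"
        if auth in self.replay_cache:  # replay cache: an old authenticator is refused
            return "replay"
        self.replay_cache.add(auth)
        self.authenticated = True
        return "ok"

    def handle(self, request):
        seq, body, tag = request
        if not self.authenticated:
            return "unauthenticated"
        if self.bind:
            # Every message must carry a MAC under the session key; the
            # sequence number also stops replay of an individual message.
            expected = mac(self.key, b"req", str(seq).encode(), body)
            if seq != self.next_seq or tag is None or not hmac.compare_digest(tag, expected):
                return "rejected"
            self.next_seq += 1
        return "served:" + body.decode()


class Client:
    def __init__(self, session_key: bytes, bind_to_session_key: bool):
        self.key = session_key
        self.bind = bind_to_session_key
        self.seq = 0

    def authenticator(self):
        ts = str(time.time_ns()).encode()
        return (ts, mac(self.key, b"auth", ts))

    def request(self, body: bytes):
        seq = self.seq
        tag = mac(self.key, b"req", str(seq).encode(), body) if self.bind else None
        self.seq += 1
        return (seq, body, tag)


def run_scenario(bind_to_session_key: bool) -> dict:
    """Run one authenticated session and three attacks against it."""
    key = os.urandom(32)  # session key from the ticket; the attacker never sees it
    server = Server(key, bind_to_session_key)
    client = Client(key, bind_to_session_key)
    results = {}
    auth = client.authenticator()
    results["auth"] = server.accept_authenticator(auth)
    # Attack 1: the sniffed authenticator is sent again.
    results["replayed_auth"] = server.accept_authenticator(auth)
    legit = client.request(b"GET /private")
    results["legit"] = server.handle(legit)
    # Attack 2: the attacker hijacks the authenticated connection and
    # injects its own request, with a forged tag since it lacks the key.
    hijack = (legit[0] + 1, b"GET /secret", os.urandom(32))
    results["hijack"] = server.handle(hijack)
    # Attack 3: the client's own correctly tagged request is replayed.
    results["replayed_request"] = server.handle(legit)
    return results


if __name__ == "__main__":
    for bind in (False, True):
        print("session bound to key:", bind, run_scenario(bind))
```

With the replay cache alone (`bind_to_session_key=False`) the second authenticator is refused but the hijacked request is served; with the session key required on every message both the injected and the replayed request are rejected, which is the "pretty safe" case the message describes.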