[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mod_auth_kerb and Heimdal KDC

To: heimdal-discuss <heimdal-discuss@sics.se>
Subject: Re: mod_auth_kerb and Heimdal KDC
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Date: Thu, 22 Aug 2002 12:23:09 -0400
In-reply-to: Your message of "22 Aug 2002 17:51:30 +0200." <xoflm6y51tp.fsf@blubb.pdc.kth.se>
Sender: owner-heimdal-discuss@sics.se

>> I sure hope your Kerberos implementation includes a replay cache
>> ... if it does, then this can't happen.
>
>I think this is just a workaround for broken protocols. Require the
>client (and server) to use the session key, and you're pretty safe.

I agree, all protocols should use the session key ... but
unfortunately, we live in the real world :-/

--Ken

References:
- Re: mod_auth_kerb and Heimdal KDC
  - From: joda@pdc.kth.se (Johan Danielsson)

Prev by Date: Re: mod_auth_kerb and Heimdal KDC
Next by Date: Multiple realms on one KDC
Prev by thread: Re: mod_auth_kerb and Heimdal KDC
Next by thread: Re: mod_auth_kerb and Heimdal KDC
Index(es):
- Date
- Thread