[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mod_auth_kerb and Heimdal KDC

>> I sure hope your Kerberos implementation includes a replay cache
>> ... if it does, then this can't happen.
>I think this is just a workaround for broken protocols. Require the
>client (and server) to use the session key, and you're pretty safe.

I agree, all protocols should use the session key ... but
unfortunately, we live in the real world :-/