Principal for service
Ken Raeburn
raeburn at MIT.EDU
Wed Feb 11 04:40:48 EST 2004
On Wednesday, Feb 11, 2004, at 01:47 US/Eastern, Russ Allbery wrote:
> Ack, there's a spec? Sorry, I didn't even think to check that; I'm so
> used to nothing new about FTP being actually specified that it never
> occurred to me that someone did the right thing and developed a real
> specification.
>
I just looked it up. It's Appendix I of RFC 2228. And it doesn't seem
to explicitly address the case where the ftp key exists but the
authentication attempt fails. As I read it, you would actually retry
with the host key -- but the word "may" is used, suggesting that
perhaps the client doesn't actually have to try the host key under any
circumstances....
Ken
More information about the Kerberos
mailing list