(mk|rd)_(priv|safe) and NAT
Greg Hudson
ghudson at MIT.EDU
Wed Aug 3 17:39:01 EDT 2011
On Wed, 2011-08-03 at 16:56 -0400, Chris Hecker wrote:
> This brings up the question of what to do in unordered/unreliable
> situations? I have a UDP stream between clients that's a mix of
> ordered/reliable "pseudo-tcp" messages and unordered/unreliable
> messages. My original plan was to use the pseudo-tcp messages to
> negotiate the u2u auth_contexts, but I also want to be able to
> mk_safe/mk_priv on the unreliable messages. Do I need two auth_contexts
> in that case, one without do-sequence set?
By default, an auth context will use a replay cache to prevent replays
(this is controlled by the do-time flag).
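
Added example, not part of the original message and not libkrb5 code: a simplified C model of the two receiver-side checks discussed in this thread, a timestamp window with a replay cache (do-time) and a next-expected counter (do-sequence), run over a constructed out-of-order delivery containing one duplicate. The struct and function names, the 300-second window, and the strict next-expected behaviour modelled for do-sequence are assumptions of the sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define SKEW 300   /* assumed acceptance window, in seconds */
#define RC_MAX 64  /* toy replay-cache capacity */

struct msg { int64_t sec; int32_t usec; uint32_t seq; };
struct rcache { struct msg seen[RC_MAX]; int n; };

/* do-time model: accept any fresh message whose timestamp is not cached. */
int accept_by_time(struct rcache *rc, const struct msg *m, int64_t now)
{
    int64_t d = m->sec > now ? m->sec - now : now - m->sec;
    if (d > SKEW) return 0;                    /* outside the time window */
    for (int i = 0; i < rc->n; i++)
        if (rc->seen[i].sec == m->sec && rc->seen[i].usec == m->usec)
            return 0;                          /* already seen: replay */
    if (rc->n == RC_MAX) return 0;             /* fail closed when full */
    rc->seen[rc->n++] = *m;
    return 1;
}

/* do-sequence model: accept only the next expected sequence number. */
int accept_by_seq(uint32_t *expected, const struct msg *m)
{
    if (m->seq != *expected) return 0;         /* gap, reorder or replay */
    (*expected)++;
    return 1;
}

/* Constructed delivery: seq 0, seq 2 (early), seq 1, then seq 1 again. */
static const struct msg delivery[] = {
    {1000, 10, 0}, {1000, 30, 2}, {1000, 20, 1}, {1000, 20, 1},
};

/* Returns a bitmask: bit i is set if delivery[i] was accepted. */
unsigned run(int use_seq)
{
    struct rcache rc = {0};
    uint32_t expected = 0;
    unsigned mask = 0;
    for (int i = 0; i < 4; i++)
        if (use_seq ? accept_by_seq(&expected, &delivery[i])
                    : accept_by_time(&rc, &delivery[i], 1001))
            mask |= 1u << i;
    return mask;
}

int main(void) { printf("time=%#x seq=%#x\n", run(0), run(1)); return 0; }
```

In this model the timestamp check accepts all three distinct messages regardless of arrival order and rejects only the duplicate, while the counter check also drops the message that arrived early.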