(mk|rd)_(priv|safe) and NAT
Chris Hecker
checker at d6.com
Wed Aug 3 17:47:48 EDT 2011
> By default, an auth context will use a replay cache to prevent
> replays (this is controlled by the do-time flag).
Right, but I'm going to force the replay cache off and use subkeys like
we discussed in the other thread. I assume I can't use the do-sequence
flag on an unordered/unreliable channel? So, if I want to mk_priv/safe
on that channel, will I need another auth_context?
Not sure if that makes sense? If not, I can try to explain it better.
Chris
On 2011/08/03 14:39, Greg Hudson wrote:
> On Wed, 2011-08-03 at 16:56 -0400, Chris Hecker wrote:
>> This brings up the question of what to do in unordered/unreliable
>> situations? I have a UDP stream between clients that's a mix of
>> ordered/reliable "pseudo-tcp" messages and unordered/unreliable
>> messages. My original plan was to use the pseudo-tcp messages to
>> negotiate the u2u auth_contexts, but I also want to be able to
>> mk_safe/mk_priv on the unreliable messages. Do I need two auth_contexts
>> in that case, one without do-sequence set?
>
> By default, an auth context will use a replay cache to prevent replays
> (this is controlled by the do-time flag).
>
>
>