Armor key negotiation in FAST
Greg Hudson
ghudson at MIT.EDU
Fri Nov 23 16:47:41 EST 2012
On 11/23/2012 04:14 AM, Simon.Jansen at t-systems.com wrote:
>> The privileged process needs to provide the sub-session key to the unprivileged process. (If you reread that sentence, it says that three pieces of information are given, not two.)
>
> Oh, I'm sorry. You are right. I interpreted the sentence in a wrong way.
> But the question is still there. If the unprivileged process builds the armor key it needs the ticket session key. How is ensured that the user process gets the key?
I think you're right; the privileged process needs to communicate either
the ticket session key (in which case the client can choose the
sub-session key and construct the authenticator) or the armor key.
That's not stated in the RFC text.
More information about the Kerberos
mailing list