appl/simple/client/sim_client.c uses internal APIs
Sam Hartman
hartmans at suchdamage.org
Fri Feb 24 14:25:39 EST 2023
>>>>> "Chris" == Chris Hecker <checker at d6.com> writes:
Chris> I guess if I’m on a tear saying forbidden things, sometimes
Chris> identity is all you need, you don’t want all the samples to
Chris> encrypt everything, because that makes it look like you have
Chris> to, which you don’t? It is use-case dependent, and krb5 is
Chris> great because it is granular enough to let developers choose
Chris> what they do for their own use-cases.
My suspicion is that people are still really bad at figuring out whether
they need integrity.
I think a sample that does not either use TLS or use integrity
protection does a disservice to the community.
Because basically I don't think there are a lot of cases where identity
is all you need (other than when running over TLS), and I think people
are far more likely to believe they can get away with just identity than
is actually the case.
--Sam
More information about the Kerberos
mailing list