krb5_sname_to_principal or LDAP/SASL/GSSAPI and reverse DNS

Sam Hartman hartmans at MIT.EDU
Tue Apr 8 18:17:48 EDT 2003

>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at> writes:

    Nicolas> On Tue, Apr 08, 2003 at 05:22:52PM -0400, Sam Hartman
    Nicolas> wrote:
    >> Generic keys are insecure because of replay cache issues.

    Nicolas> Clusters should be able to share their replace caches.
    Nicolas> PFS in extensions will kinda solve this problem... :)

Nico, I can think of complex solutions to the problem too.  I'm not at
all convinced that clusters should share principals for the reasons I
outlined in mail to Paul.

More information about the krbdev mailing list