krb5_sname_to_principal or LDAP/SASL/GSSAPI and reverse DNS
Sam Hartman
hartmans at MIT.EDU
Tue Apr 8 18:17:48 EDT 2003
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at sun.com> writes:
Nicolas> On Tue, Apr 08, 2003 at 05:22:52PM -0400, Sam Hartman
Nicolas> wrote:
>> Generic keys are insecure because of replay cache issues.
Nicolas> Clusters should be able to share their replace caches.
Nicolas> PFS in extensions will kinda solve this problem... :)
Nico, I can think of complex solutions to the problem too. I'm not at
all convinced that clusters should share principals for the reasons I
outlined in mail to Paul.
More information about the krbdev
mailing list