Reuse of GSSAPI Tokens
Jiva DeVoe
jiva at devoesquared.com
Thu Jul 21 15:35:36 EDT 2005
Yes, I agree, and I realize this now... thanks for the clarification...
On Jul 21, 2005, at 3:32 PM, Matt Crawford wrote:
>
> On Jul 21, 2005, at 14:24, Jiva DeVoe wrote:
>
>
>> It's just if I wanted to do init/accept/accept/accept that I can't
>> do it.
>>
>
> Think about it.
>
> If you, the client, can use a given GSS token again, then I, the
> eavesdropper, can do the same.
>
> I think you don't want that.
>
>
>> C creates a token using *_init_* and gives it to A to access a
>> resource.
>>
>
> It may take several client/server exchanges to establish a
> context. What you seek is "credential delegation."
>
>
--
Jiva DeVoe
http://www.devoesquared.com
PowerCard - Intuitive Project Management Software for Mac OS X
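
An added illustration of the point made in the quoted reply, not part of the original thread and not the Kerberos/GSSAPI wire format: a simplified acceptor with a replay cache, so a token is accepted once no matter who sends it again. The token layout, `init_token`, `Acceptor` and the 300-second freshness window are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import struct
import time

CLOCK_SKEW = 300   # assumed freshness window, in seconds
MAC_LEN = 32       # HMAC-SHA256 output size

def init_token(key, client, now=None):
    """Initiator: timestamp + client name + random nonce, then a MAC over all of it."""
    ts = time.time() if now is None else now
    name = client.encode()
    body = struct.pack("!dH", ts, len(name)) + name + os.urandom(16)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Acceptor:
    """Acceptor: verifies the MAC, checks freshness, refuses any token seen before."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # sha256(token) -> token timestamp

    def accept(self, token, now=None):
        now = time.time() if now is None else now
        if len(token) < 10 + 16 + MAC_LEN:
            return "malformed"
        body, mac = token[:-MAC_LEN], token[-MAC_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return "bad-mac"
        (ts,) = struct.unpack("!d", body[:8])
        if abs(now - ts) > CLOCK_SKEW:
            return "stale"
        # Entries older than the window can be dropped: the freshness
        # check above already rejects those tokens.
        self.seen = {d: t for d, t in self.seen.items()
                     if abs(now - t) <= CLOCK_SKEW}
        digest = hashlib.sha256(token).digest()
        if digest in self.seen:
            return "replay"  # same bytes again: client retry or eavesdropper
        self.seen[digest] = ts
        return "ok"

if __name__ == "__main__":
    key = os.urandom(32)  # constructed shared key standing in for a session key
    acceptor = Acceptor(key)
    tok = init_token(key, "C")
    print([acceptor.accept(tok) for _ in range(3)])  # init/accept/accept/accept
```

The acceptor cannot distinguish a client resending its own token from a third party resending a captured copy, which is why both are refused.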