tom at electric-sheep.org
Tue Oct 18 06:27:46 EDT 2005
I am new to Kerberos and I'm a bit clue-less about mutual authentication.
I saw the sclient sample application using krb5_sendauth() and reading the
reply from the server. But how is the reply authenticated/verified?
I looked at the code of sendauth() and recvauth() in src/lib/krb5/krb and
neither found a verification there.
Am I blind? :)
What exactly does the server decrypt and send back to the client, and who is
responsible to verify the reply (client or lib), and how?
Can someone point me to a description of how to use mutual authentication
Thanks a lot.
Tom <tom at electric-sheep.org>
fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF
More information about the krbdev