mskrb-integ merged to trunk
Love Hörnquist Åstrand
lha at apple.com
Sun Jan 11 16:02:57 EST 2009
3 jan 2009 kl. 15:20 skrev Sam Hartman:
> Folks, I'm pleased to announce that the mskrb-integ branch has been
> merged onto the trunk. There are a number of issues still open, many
> of which we'll still want to deal with for the 1.7 release. However
> this will get everyone testing the code and honestly I think it's in
> quite good shape for a project of this size going to the trunk.
After think more about the keytab changes I belive its also
problematic of using the principal in the keytab since that will
contain a service that the server is not expecting.
Example: client connects to vnc/server, vnc/server is an alias, and
the server only have host/server in the keytab. Now the server
software have to aware that vnc and server is aliases of each other
and indeed the replay caches are shared and not just something that
tries to do a replay attack.
Love
More information about the krbdev
mailing list