Replay cache extension design issue
Jeffrey Hutzelman
jhutz at cmu.edu
Tue Jan 13 13:20:05 EST 2009
--On Tuesday, January 13, 2009 12:20:38 PM -0500 Greg Hudson
<ghudson at MIT.EDU> wrote:
> On Tue, 2009-01-13 at 11:58 -0500, ghudson at MIT.EDU wrote:
>> My first idea for a band-aid is to make the extension records include
>> the client and server principle strings, so that they stand alone
>> (superceding, rather than augmenting, the old-style records which are
>> also written out). Of course, that requires cramming the client
>> principal string, server principal string, and hash string into the
>> server principal field of a record. Maybe someone else has a more
>> elegant idea.
>
> Tom had the interesting idea of writing out triplets:
>
> extension record containing hash
> old-style record
> extension record containing hash
>
> That's resistant to precise reversal (which is what our code does),
> though not to arbitrary reordering.
Perhaps, but do you want to write _every_ extension record in duplicate?
More information about the krbdev
mailing list