gssftpd and gss_acquire_cred
Sam Hartman
hartmans at MIT.EDU
Tue Nov 17 14:41:02 EST 2009
>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:
Ken> - On the server, accept either.
Or ignore the address check entirely. For the kpasswd service,
although not in general, it would be safe to do this. The requirement
for directional addresses is to avoid replays with direction switched.
I'm fairly sure the kpasswd protocols are not vulnerable to that.
More information about the krbdev
mailing list