gssftpd and gss_acquire_cred

Sam Hartman hartmans at MIT.EDU
Tue Nov 17 14:41:02 EST 2009

>>>>> "Ken" == Ken Hornstein <kenh at> writes:

    Ken> - On the server, accept either.

Or ignore the address check entirely.  For the kpasswd service,
although not in general, it would be safe to do this.  The requirement
for directional addresses is to avoid replays with direction switched.
I'm fairly sure the kpasswd protocols are not vulnerable to that.

More information about the krbdev mailing list