gssapi and replay cache
lukeh at padl.com
Fri Sep 13 19:43:48 EDT 2013
> Is "gssrpc_sec" equivalent to RPCSEC_GSS? If so
> http://www.ietf.org/rfc/rfc2203.txt states:
> "The RPCSEC_GSS protocol provides for protection from replay attack,
> yet tolerates out-of-order delivery or processing of messages and
> tolerates dropped requests."
I think we're talking at cross purposes. There's a difference between protection from replayed authenticators vs. replayed application messages. replay_det_req_flag (and the text above) refers to the latter.
More information about the krbdev