gssapi and replay cache

Luke Howard lukeh at
Fri Sep 13 19:43:48 EDT 2013

> Is "gssrpc_sec" equivalent to RPCSEC_GSS?  If so
> states:
> "The RPCSEC_GSS protocol provides for protection from replay attack,
> yet tolerates out-of-order delivery or processing of messages and
> tolerates dropped requests."

I think we're talking at cross purposes. There's a difference between protection from replayed authenticators vs. replayed application messages. replay_det_req_flag (and the text above) refers to the latter.

-- Luke

More information about the krbdev mailing list