Sequence number without mutual auth

Weijun Wang at
Wed Apr 11 23:20:16 EDT 2018

Without mutual auth, the acceptor has no chance to send an initial sequence number to the initiator, so they must agree on a default one.

In my experiment, it looks like MIT krb5 and Windows are reusing the initiator's initial sequence number and Heimdal is using 0.

Am I right? If so, is there a way to write an app that works for all of them? Or the acceptor simply should not send anything when there is no mutual auth?


More information about the krbdev mailing list