Sequence number without mutual auth
Weijun Wang
weijun.wang at oracle.com
Wed Apr 11 23:20:16 EDT 2018
Without mutual auth, the acceptor has no chance to send an initial sequence number to the initiator, so they must agree on a default one.
In my experiment, it looks like MIT krb5 and Windows are reusing the initiator's initial sequence number and Heimdal is using 0.
Am I right? If so, is there a way to write an app that works for all of them? Or the acceptor simply should not send anything when there is no mutual auth?
Thanks
Max
More information about the krbdev
mailing list