Sequence number without mutual auth
weijun.wang at oracle.com
Wed Apr 11 23:20:16 EDT 2018
Without mutual auth, the acceptor has no chance to send an initial sequence number to the initiator, so they must agree on a default one.
In my experiment, it looks like MIT krb5 and Windows are reusing the initiator's initial sequence number and Heimdal is using 0.
Am I right? If so, is there a way to write an app that works for all of them? Or should the acceptor simply not send anything when there is no mutual auth?