[30331] in Kerberos
Re: Sequence numbering after export and import of context
daemon@ATHENA.MIT.EDU (Michael B Allen)
Sun Oct 5 12:09:44 2008
Message-ID: <78c6bd860810050909i1743bf6fv61e43ff130268ac7@mail.gmail.com>
Date: Sun, 5 Oct 2008 12:09:09 -0400
From: "Michael B Allen" <ioplex@gmail.com>
To: "Markus Moeller" <huaraz@moeller.plus.com>
In-Reply-To: <gca9nk$hki$1@ger.gmane.org>
MIME-Version: 1.0
Content-Disposition: inline
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Sun, Oct 5, 2008 at 7:51 AM, Markus Moeller <huaraz@moeller.plus.com> wrote:
> I have an application which initializes the security context in one process
> does some gss_wrap/gss_unwrap calls and then exports the context to hand it
> over to another process which imports the context and continues the
> gss_wrap/gss_unwrap. Would the second process restart sequencing at 0 or
> continuing from where the context was exported ?
I'm not even going to try to come up with a citation but common sense
would suggest that an imported GSS context must use the sequence
number of the exported context and must never reset the sequence
number to 0. I don't see how the peer could even know that the
sequence number was reset.
Mike
--
Michael B Allen
PHP Active Directory SPNEGO SSO
http://www.ioplex.com/
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
