[2913] in Kerberos
Krb 5 replay cache
daemon@ATHENA.MIT.EDU (Jim Miller)
Mon Nov 29 23:36:49 1993
From: jim@bilbo.suite.com (Jim Miller)
Date: Mon, 29 Nov 93 22:12:55 -0600
To: kerberos@MIT.EDU
Reply-To: Jim_Miller@suite.com
Some questions about the replay cache code in Kerberos 5, pre-beta 3...
The routine 'krb5_rd_req_decoded' places both the unparsed sender name and
the unparsed client name in the 'rep' structure (see rc_conv.c). However,
'krb5_rd_priv' and 'krb5_rd_safe' initialize the 'rep' structure using a
different strategy.
Here's the code from rd_priv.c:
    if (retval = krb5_gen_replay_name(sender_addr, "_priv",
                                      &replay.client)) {
        cleanup_data();
        cleanup_mesg();
        return retval;
    }
    replay.server = "";  /* XXX */
    replay.cusec = privmsg_enc_part->usec;
    replay.ctime = privmsg_enc_part->timestamp;
    if (retval = krb5_rc_store(rcache, &replay)) {
Q1: Why doesn't it set "replay.server" to anything?
The routines 'krb5_mk_priv' and 'krb5_mk_safe' use this same strategy for
storing info into the client's replay cache.
Q2: Why does the client need to create a replay cache to *send* a
timestamped private or safe message?
Jim_Miller@suite.com
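
A toy model of the kind of check the excerpt above feeds, added here as an illustration and not taken from the Kerberos source or from the original post: each entry carries the four fields the excerpt sets, and a store is refused when all four match an entry still held in the cache. The `toy_*` names, the return codes, the hex-plus-suffix name format and the 300-second lifespan are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
enum { TOY_OK, TOY_REPLAY, TOY_SKEW, TOY_FULL };  /* constructed codes, not krb5 values */
struct toy_replay {        /* the four fields set in the rd_priv.c excerpt */
    char client[64];       /* priv/safe: name generated from the sender address */
    const char *server;    /* "" in rd_priv.c */
    long cusec, ctime;
};
struct toy_rcache { struct toy_replay ent[32]; int n; long lifespan; };

/* Assumed name format: hex of the address bytes, then the suffix. */
static struct toy_replay toy_entry(const unsigned char *addr, size_t len,
                                   const char *suffix, long ctime, long cusec) {
    struct toy_replay r = { "", "", cusec, ctime };
    size_t i, pos = 0;
    for (i = 0; i < len && pos + 2 < sizeof r.client; i++)
        pos += (size_t)snprintf(r.client + pos, sizeof r.client - pos, "%02x", addr[i]);
    snprintf(r.client + pos, sizeof r.client - pos, "%s", suffix);
    return r;
}

static int toy_rc_store(struct toy_rcache *rc, const struct toy_replay *rep, long now) {
    int i, keep = 0;
    /* Window check first: it is what makes expiring old entries safe. */
    if (rep->ctime < now - rc->lifespan || rep->ctime > now + rc->lifespan)
        return TOY_SKEW;
    for (i = 0; i < rc->n; i++)            /* expire entries older than the window */
        if (rc->ent[i].ctime >= now - rc->lifespan)
            rc->ent[keep++] = rc->ent[i];
    rc->n = keep;
    for (i = 0; i < rc->n; i++) {          /* replay = match on all four fields */
        const struct toy_replay *e = &rc->ent[i];
        if (e->ctime == rep->ctime && e->cusec == rep->cusec &&
            !strcmp(e->client, rep->client) && !strcmp(e->server, rep->server))
            return TOY_REPLAY;
    }
    if (rc->n == 32) return TOY_FULL;
    rc->ent[rc->n++] = *rep;
    return TOY_OK;
}

int main(void) {
    static struct toy_rcache rc = { .lifespan = 300 };
    const unsigned char a[4] = { 10, 0, 0, 1 };    /* constructed sender address */
    struct toy_replay m = toy_entry(a, 4, "_priv", 1000, 5);
    int first = toy_rc_store(&rc, &m, 1000), again = toy_rc_store(&rc, &m, 1001);
    printf("%s first=%d again=%d\n", m.client, first, again);
    return 0;
}
```

With the server field empty, entries in this model are told apart only by the generated client name and the (ctime, cusec) pair, so two senders or the "_priv" and "_safe" suffixes still produce distinct entries for the same timestamp.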