[6107] in Kerberos
Re: K5 recvauth
daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Thu Nov 2 11:41:41 1995
To: kerberos@MIT.EDU
Date: 2 Nov 1995 06:07:22 GMT
From: jik@jik.datasrv.co.il (Jonathan Kamens)

The application version string supported by V5 sendauth/recvauth is just a
convenience. If a particular application wants to allow negotiation as you
describe, then all it has to do is define its protocol so that its clients and
servers always specify a null string for the application version string to
sendauth and recvauth, and then the client and server can do their own
negotiation, using their own protocol, after the sendauth/recvauth is
completed successfully.

On the other hand, if the version-string checking functionality were removed
from the V5 sendauth/recvauth as you propose, then every application that just
wanted simple version-string checking, without confirmation, would have to
implement essentially the same code (to transmit the version string and verify
it in the server). Why should applications have to do that when it's just as
easy to make the code globally available in V5 sendauth/recvauth?

In summary, the existing code doesn't prevent any application that wants to do
negotiation from doing so, and it assists applications that don't want to do
negotiation. So I don't think there's any problem.
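
An added illustration of the application-level negotiation the message above describes; it is not code from the post or from the Kerberos distribution. The wire format (a count byte, that many one-byte version numbers, and a one-byte reply where 0 means no common version), the function names and the sample version lists are assumptions made for this example, and a socketpair stands in for the connection on which sendauth/recvauth has already completed with a null version string.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
/* Hypothetical framing: [count][v1..vn] from client, [choice or 0] from server. */
static int read_full(int fd, uint8_t *buf, size_t len) {
    while (len) {
        ssize_t r = read(fd, buf, len);
        if (r <= 0) return -1;
        buf += r; len -= (size_t)r;
    }
    return 0;
}
static int client_offer(int fd, const uint8_t *offer, uint8_t n) {
    return (write(fd, &n, 1) == 1 && write(fd, offer, n) == n) ? 0 : -1;
}
/* Server: pick the highest version present in both lists and send it back. */
static int server_choose(int fd, const uint8_t *mine, uint8_t m) {
    uint8_t n, offer[255], best = 0;
    if (read_full(fd, &n, 1) || read_full(fd, offer, n)) return -1;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < m; j++)
            if (offer[i] == mine[j] && offer[i] > best) best = offer[i];
    return write(fd, &best, 1) == 1 ? best : -1;
}
/* Client: accept the reply only if it is 0 or a version we actually offered. */
static int client_accept(int fd, const uint8_t *offer, uint8_t n) {
    uint8_t choice;
    if (read_full(fd, &choice, 1)) return -1;
    for (int i = 0; choice && i < n; i++)
        if (offer[i] == choice) return choice;
    return choice ? -1 : 0;
}
/* Runs both ends in one process; returns the agreed version, 0 if none, -1 on error. */
int negotiate_demo(const uint8_t *offer, uint8_t n, const uint8_t *mine, uint8_t m) {
    int sv[2], result = -1;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    if (client_offer(sv[0], offer, n) == 0) {
        int srv = server_choose(sv[1], mine, m);
        if (srv >= 0 && client_accept(sv[0], offer, n) == srv) result = srv;
    }
    close(sv[0]); close(sv[1]);
    return result;
}
int main(void) {
    const uint8_t client[] = {1, 2, 3}, server[] = {2, 3, 4};  /* constructed sample */
    printf("agreed version: %d\n", negotiate_demo(client, 3, server, 3));
    return 0;
}
```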