[16871] in Kerberos_V5_Development


Re: Authdata, preauth plugin headers

daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Jun 10 11:29:57 2011

From: Greg Hudson <ghudson@mit.edu>
To: Sam Hartman <hartmans@mit.edu>
In-Reply-To: <tslaadpwwsp.fsf@mit.edu>
Date: Fri, 10 Jun 2011 11:29:51 -0400
Message-ID: <1307719791.2281.152.camel@t410>
Mime-Version: 1.0
Cc: Linus Nordberg <linus@nordu.net>, "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu

On Fri, 2011-06-10 at 11:06 -0400, Sam Hartman wrote:
> Pretty much any multi-round-trip preauth plugin will need to be able to
> store state in the cookie.

I see.  The OTP draft doesn't use the word "cookie", instead referencing
"the mechanism described in section 5.2 of [RFC6113]".

However, now I'm confused about why the KDC is bothering to generate a
nonce in the 4-pass scheme if it's not going to remember it.  (The
cookie is not the same thing as "memory", since the KDC has no assurance
that it wasn't replayed.)


_______________________________________________
krbdev mailing list             krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
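
An added illustration of the parenthetical point in the message above (not part of the original message, and neither MIT krb5 code nor the RFC 6113 cookie format): a MAC-protected cookie that carries a nonce passes integrity and freshness checks every time it is presented, so only server-side state such as a replay cache tells a first use from a replay. The cookie layout, key, lifetime and all names are constructed for this example.

```python
import hashlib
import hmac
import os
import struct

KEY = os.urandom(32)   # hypothetical KDC-local cookie key (assumption)
MAX_AGE = 300          # hypothetical cookie lifetime in seconds (assumption)

def issue_cookie(now):
    """Build nonce || issue-time || HMAC so the server need not store the nonce."""
    body = os.urandom(16) + struct.pack(">Q", now)
    return body + hmac.new(KEY, body, hashlib.sha256).digest()

def open_cookie(cookie, now):
    """Stateless check: integrity and freshness only. Returns the nonce or None."""
    if len(cookie) != 16 + 8 + 32:
        return None
    body, tag = cookie[:24], cookie[24:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    (issued,) = struct.unpack(">Q", body[16:])
    if not 0 <= now - issued <= MAX_AGE:
        return None
    return body[:16]

class ReplayCache:
    """Server-side memory: a nonce is accepted once within the cookie lifetime."""
    def __init__(self):
        self._seen = {}  # nonce -> time it was accepted

    def accept(self, cookie, now):
        nonce = open_cookie(cookie, now)
        if nonce is None:
            return False
        # An entry older than MAX_AGE belongs to a cookie that has already expired.
        self._seen = {n: t for n, t in self._seen.items() if now - t <= MAX_AGE}
        if nonce in self._seen:
            return False
        self._seen[nonce] = now
        return True

def demo():
    t0 = 1_307_719_791  # constructed timestamp
    cookie = issue_cookie(t0)
    # The same cookie presented twice: the stateless check cannot tell them apart.
    stateless = [open_cookie(cookie, t0 + 1) is not None,
                 open_cookie(cookie, t0 + 2) is not None]
    cache = ReplayCache()
    stateful = [cache.accept(cookie, t0 + 1), cache.accept(cookie, t0 + 2)]
    return stateless, stateful
```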
