[2212] in Kerberos_V5_Development
Re: Two stupid questions
daemon@ATHENA.MIT.EDU (Sam Hartman)
Sat Feb 8 13:19:40 1997
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: krbdev@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 08 Feb 1997 13:19:07 -0500
In-Reply-To: Ken Hornstein's message of Mon, 06 Jan 1997 17:39:50 -0500

>>>>> "Ken" == Ken Hornstein <kenh@cmf.nrl.navy.mil> writes:
Ken> Stupid question #2: - Are sequence numbers supposed to work
Ken> if you don't do mutual authentication? I ask this because
Ken> when I don't do mutual authentication, I get "wrong sequence
Ken> number" errors. I see code that sets the default sequence
Ken> number to the 1's complement of the _other_ sequence number,
Ken> but I don't see that happening on both sides.

I'm answering old mail if you haven't guessed. The short
answer is that you really want to do mutual authentication if you're
doing sequence numbers. I'd have to look at the spec and at the code
to determine if it should work if you don't do mutual auth, but
honestly, it's just easier to do the mutual authentication than to try
and understand the implications of RFC1510.
--Sam
Ken> --Ken