[61] in Zephyr_Comments
Re: Forged windowgrams
daemon@ATHENA.MIT.EDU (John T Kohl)
Sun Jul 31 11:02:57 1988
Date: Sun, 31 Jul 88 11:01:00 EDT
From: John T Kohl <jtkohl@ATHENA.MIT.EDU>
To: ilham@juicy-juice.lcs.mit.edu
Cc: zephyr-comments@ATHENA.MIT.EDU
In-Reply-To: [0060]
What are the conditions for a message authentication being labeled as
'FORGED'?

When a notice is delivered and claims to be authentic, but the
cryptographic checksum using the DES session key from Kerberos doesn't
match the checksum in the notice, it is reported as forged.

What this means in practicality is that if you kinit while you have a
running zwgc, you need to subscribe to something to refresh the server's
version of your session key (the session key will change every time you
kinit). You can of course do something like 'zctl load' to refresh the
session key without really changing your subscriptions.

The 'fake zwrite' messages show up as unauthentic because they do not
claim to be authentic, so no authenticity check is performed.

John
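
The three outcomes described in the message above, and the stale-key case after kinit, as an added example that is not part of the original message and is not Zephyr's code. It assumes HMAC-SHA256 as a stand-in for the DES-based checksum, and the notice layout, function names and keys are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from enum import Enum


class Auth(Enum):
    AUTHENTIC = "authentic"
    UNAUTHENTIC = "unauthentic"
    FORGED = "forged"


def checksum(key: bytes, body: bytes) -> bytes:
    # Stand-in keyed checksum (assumption): HMAC-SHA256, not the DES checksum.
    return hmac.new(key, body, hashlib.sha256).digest()


def make_notice(body: bytes, key: bytes = None) -> dict:
    # A notice built without a key does not claim to be authentic.
    return {"body": body,
            "claims_auth": key is not None,
            "checksum": checksum(key, body) if key is not None else b""}


def classify(notice: dict, session_key: bytes) -> Auth:
    # No claim of authenticity: no check is performed at all.
    if not notice["claims_auth"]:
        return Auth.UNAUTHENTIC
    expected = checksum(session_key, notice["body"])
    # A claim that fails verification is reported as forged.
    if hmac.compare_digest(expected, notice["checksum"]):
        return Auth.AUTHENTIC
    return Auth.FORGED


def kinit_scenario() -> list:
    old_key, new_key = b"constructed-key-1", b"constructed-key-2"
    server_key = client_key = old_key
    results = [classify(make_notice(b"hello", server_key), client_key)]
    client_key = new_key   # kinit: the client's session key changes
    results.append(classify(make_notice(b"hello", server_key), client_key))
    server_key = client_key  # resubscribe: the server's copy is refreshed
    results.append(classify(make_notice(b"hello", server_key), client_key))
    results.append(classify(make_notice(b"hello"), client_key))  # no claim
    return results


if __name__ == "__main__":
    for outcome in kinit_scenario():
        print(outcome.value)
```
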