[7662] in Kerberos
Re: Client Software
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Mon Jul 22 22:40:17 1996
To: Sam Hartman <hartmans@MIT.EDU>
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "22 Jul 1996 21:21:17 EDT."
<tslspajkbn6.fsf@tertius.mit.edu>
Date: Mon, 22 Jul 1996 22:34:05 -0400
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
> This is not quite sufficient. You should also use some
>mechanism to attach a checksum to the data you send, or encrypt the
>data; the sample applications in appl/sample demonstrate this. The
>GSSAPI interface may be more convenient.
Forgive me if I'm wrong, but I was under the impression that krb5_sendauth()
takes an argument for the checksum data, so presumably if you duplicated it,
you would also duplicate the checksumming code. Also, the telnet code
contains an example of using checksums as well.
The reason I suggested the telnet source code was that if you're incorporating
into another application, telnet is a better example of the steps you need
to go through if krb5_sendauth()/krb5_recvauth() isn't an option.
--Ken
