[7665] in Kerberos
Re: Client Software
daemon@ATHENA.MIT.EDU (Phillip R. Shaw)
Tue Jul 23 20:19:01 1996
To: kerberos@MIT.EDU
Date: Tue, 23 Jul 1996 22:29:49 GMT
From: phil@dra.com (Phillip R. Shaw)
Reply-To: phil@dra.com
kenh@cmf.nrl.navy.mil (Ken Hornstein) wrote:
>> This is not quite sufficient. You should also use some
>>mechanism to attach a checksum to the data you send, or encrypt the
>>data; the sample applications in appl/sample demonstrate this. The
>>GSSAPI interface may be more convenient.
>
>Forgive me if I'm wrong, but I was under the impression that krb5_sendauth()
>takes an argument for the checksum data, so presumably if you duplicated it,
>you would also duplicate the checksumming code. Also, the telnet code
>contains an example of using checksums as well.
>
>The reason I suggested the telnet source code was that if you're incorporating
>into another application, telnet is a better example of the steps you need
>to go through if krb5_sendauth()/krb5_recvauth() isn't an option.
>
>--Ken
Data encryption is not required for our application, only that we
verify the source of the packet. The data transportation is handled
entirely outside of our control, so I do not think
krb5_sendauth()/krb5_recvauth() is what we want. In reality I am not
even sure we could get the entire data packet to encrypt.
prshaw@crl.com
These words are mine, and sometimes even I don't want them