> By default, an auth context will use a replay cache to prevent
> replays (this is controlled by the do-time flag).

Right, but I'm going to force the replay cache off and use subkeys like we discussed in the other thread.

I assume I can't use the do-sequence flag on an unordered/unreliable channel? So, if I want to mk_priv/safe on that channel, will I need another auth_context?

Not sure if that makes sense? If not, I can try to explain it better.

Chris

On 2011/08/03 14:39, Greg Hudson wrote:
> On Wed, 2011-08-03 at 16:56 -0400, Chris Hecker wrote:
>> This brings up the question of what to do in unordered/unreliable
>> situations? I have a UDP stream between clients that's a mix of
>> ordered/reliable "pseudo-tcp" messages and unordered/unreliable
>> messages. My original plan was to use the pseudo-tcp messages to
>> negotiate the u2u auth_contexts, but I also want to be able to
>> mk_safe/mk_priv on the unreliable messages. Do I need two auth_contexts
>> in that case, one without do-sequence set?
>
> By default, an auth context will use a replay cache to prevent replays
> (this is controlled by the do-time flag).

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
