> Yes, you will need separate auth contexts if you want to use > sequence numbers on some messages but not others.
That's what I figured. I'll have to mk_req/rd_req/mk_rep/rd_rep both on the ordered and unordered channels (which, sadly, are on the same UDP socket, so it's kind of silly...) to generate the auth_contexts correctly, right? Chris On 2011/08/03 15:13, Greg Hudson wrote: > On Wed, 2011-08-03 at 17:47 -0400, Chris Hecker wrote: >> Right, but I'm going to force the replay cache off and use subkeys like >> we discussed in the other thread. I assume I can't use the do-sequence >> flag on an unordered/unreliable channel? So, if I want to mk_priv/safe >> on that channel, will I need another auth_context? > > Yes, you will need separate auth contexts if you want to use sequence > numbers on some messages but not others. > > For the unordered messages, since you are using neither sequence numbers > nor a replay cache, you'll need to address replays at the application > protocol layer. > > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
