On Tue, 2011-08-09 at 03:44 -0400, Chris Hecker wrote: > What's the in_data for on an AP-REQ/mk_req? It gets checksummed and > stuffed in the authenticator, but it doesn't seem to be used anywhere
An application can use this to checksum some data which is sent along with the authenticator request. The receiving application would have to use krb5_auth_con_getauthenticator() to get at the checksum and verify it. It's not a widely-used feature of the protocol (well, the GSSAPI mech uses the field, but not as an RFC 3961 checksum) and it's subject to replay attacks because no subkey has been established, so you're probably best off ignoring it. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
