On 11/23/2012 04:14 AM, [email protected] wrote: >> The privileged process needs to provide the sub-session key to the >> unprivileged process. (If you reread that sentence, it says that three >> pieces of information are given, not two.) > > Oh, I'm sorry. You are right. I interpreted the sentence in a wrong way. > But the question is still there. If the unprivileged process builds the armor > key it needs the ticket session key. How is ensured that the user process > gets the key?
I think you're right; the privileged process needs to communicate either the ticket session key (in which case the client can choose the sub-session key and construct the authenticator) or the armor key. That's not stated in the RFC text. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
