> > What I'm not understanding are the first 8 bytes of payload.
> > If this command is executed with '-noauth' they are replaced
> > with 4 bytes (0000 007d) aka XListOneVolume.
> >
> > Why would just those bytes be encrypted? Are they encrypted?
> > Or is it some encoding I just don't understand? How does the
> > receiving end know that just those bytes are encrypted? Etc?
> > And with what key (since the two packets that follow are
> > challenge, response) [then the reply and ackall].
> rxkad is sort of stateless: The client starts sending encrypted data (in
> this case only the command). When the server has no security data for
> this connection he replies with the challenge packet which then by the
> client is replied by the challenge response packet which contains the
> security data. These are decrypted with the KeyFile on the server and
> allow then the server to extract the session key to decrypt the 1st packet.
> The advantage is that a server restart between RPCs doesn't really
> matter because both sides resynchronize their security data automatically.
> If you would have called the vos command with -encrypt then probably
> also the whole payload would have been encrypted.

Thanks,

So *how* does the server know that only the function-number is encrypted
vs. all of the payload? (not to mention why bother encrypting the least
sensitive bit of the whole thing!)

John
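The exchange described in the quoted reply, modelled as an added example that is not part of the original thread and is not OpenAFS code: the server has no security data for a connection, challenges, recovers the session key from the response using its KeyFile key, decrypts the first packet, and resynchronizes after a restart. Assumptions: all names (`Server`, `call`, `seal`, `bump`) are hypothetical, the SHA-256 XOR keystream is a stand-in for rxkad's real cipher, and the nonce+1 proof and the server holding the first packet are simplifications of this model.

```python
import hashlib, os

def seal(key, data):
    # Stand-in cipher (assumption): XOR with a SHA-256 keystream; applying it twice decrypts.
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def bump(nonce):
    return ((nonce + 1) % 2**32).to_bytes(4, "big")

class Server:
    def __init__(self, keyfile_key):
        self.keyfile_key = keyfile_key
        self.sessions = {}   # connection id -> session key (lost on restart)
        self.held = {}       # connection id -> (nonce, first packet awaiting a key)

    def restart(self):
        self.sessions.clear()
        self.held.clear()

    def on_data(self, conn, packet):
        if conn not in self.sessions:            # no security data yet: challenge
            nonce = int.from_bytes(os.urandom(4), "big")
            self.held[conn] = (nonce, packet)
            return "challenge", nonce
        return "reply", seal(self.sessions[conn], packet)

    def on_response(self, conn, ticket, proof):
        nonce, packet = self.held.pop(conn)
        session_key = seal(self.keyfile_key, ticket)   # ticket opens only with the KeyFile key
        if seal(session_key, proof) != bump(nonce):    # client must hold the same session key
            return "abort", None
        self.sessions[conn] = session_key
        return "reply", seal(session_key, packet)      # now the first packet can be decrypted

def call(server, conn, session_key, ticket, payload):
    trace = ["data"]
    kind, value = server.on_data(conn, seal(session_key, payload))
    if kind == "challenge":
        trace += ["challenge", "response"]
        kind, value = server.on_response(conn, ticket, seal(session_key, bump(value)))
    return trace + [kind], value

def demo():
    keyfile_key, session_key = os.urandom(16), os.urandom(16)   # constructed sample keys
    ticket = seal(keyfile_key, session_key)
    server, opcode = Server(keyfile_key), bytes.fromhex("0000007d")
    first = call(server, 1, session_key, ticket, opcode)
    second = call(server, 1, session_key, ticket, opcode)
    server.restart()
    third = call(server, 1, session_key, ticket, opcode)
    return first, second, third
```

`demo()` returns the packet sequence and the server's decrypted view of the command for a first call, a second call on the established connection, and a call after a server restart.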
