On 11/16/10 1:52 PM, Alex Karasulu wrote:
On Tue, Nov 16, 2010 at 5:14 AM, Kiran Ayyagari<[email protected]>wrote:
sounds good to me, OTOH what are the disadvantages of reading whole
PDU and processing it?
Increases potentials for large PDU attacks to overflow memory but we can
mitigate that with limits on the PDU size we're willing to process.
The potential for PDU attack is the same. At least, we avoid creating a
data structure immediately.
However, I think we will need to define a dedicated KRB_PDU
configuration parameter, because Kerberos PDU are very likely to be
smaller than LDAP PDU.
--
Regards,
Cordialement,
Emmanuel Lécharny
www.iktek.com
