Hi group,

I have a question. When I start shishid with GnuTLS to support authentication with certificates, I must provide the paths for the shishid certificate, its private key and the CA certificate. But shishi (the client) looks only for its certificate and private key and not for the CA certificate. In this way the client can authenticate toward the KDC, the KDC toward the client, but while the KDC can verify that the client certificate was issued by a valid CA, the client can't!

Is it correct?
Can the client be exposed to a KDC impersonation attack?

If it is wrong, can you please explain it to me?

Alberto



_______________________________________________
Help-shishi mailing list
Help-shishi@gnu.org
http://lists.gnu.org/mailman/listinfo/help-shishi