>Kerberos does not ensure message integrity (assuming you are referring to >data in addition to the authentication ticket). However, the GSS API which >is a part of MIT's KerberosV can be used to checksum (GSS_GetMIC()) or >encrypt for privacy (GSS_Wrap()).
But you _can_ do that inside of Kerberos. That's what the KRB_PRIV (confidentiality) and KRB_SAFE (integrity-only) messages are for. In addition, you can use the same crypto primitives that the Kerberos GSS mechanism uses to do it yourself (although that's probably a bad idea, since it's easy to get that wrong). --Ken ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
