The MIT ftp client uses only the REPLAY flag, which I think should be
changed to the SEQUENCE FLAG to provide the correct protection for the data
channel.
    gss_init_sec_context(&min_stat,
                         GSS_C_NO_CREDENTIAL,
                         &gcontext,
                         target_name,
                         (gss_OID_desc *)gss_trials[trial].mech_type,
                         GSS_C_MUTUAL_FLAG | GSS_C_REPLAY_FLAG |
                         (forward ? GSS_C_DELEG_FLAG :
                          (unsigned) 0),
                         0,
                         &chan,      /* channel bindings */
                         token_ptr,
                         NULL,       /* ignore mech type */
                         &send_tok,
                         NULL,       /* ignore ret_flags */
                         NULL);      /* ignore time_rec */
Will I get problems with the SEQUENCE FLAG if I want to send a NOOP on the
command channel while a transfer happens on the data channel (e.g. to keep
the command channel open through firewalls), as the client and server have to
process the data in sync, which is not necessarily given?
Thanks
Markus
"Sam Hartman" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> >>>>> "Markus" == Markus Moeller <[EMAIL PROTECTED]> writes:
>
> Markus> will Sequence protection (GSS_C_SEQUENCE_FLAG) cover replay
> Markus> protection (GSS_C_REPLAY_FLAG) as well or are there cases
> Markus> where I need both ?
>
> I'd recommend using both, but I believe sequence is typically a
> superset.
>
> ________________________________________________
> Kerberos mailing list [EMAIL PROTECTED]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
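
The distinction discussed in this thread, as an added example that is not part of the original messages and is not MIT krb5 code: a simplified receiver-side model of what a context reports with replay detection alone versus replay plus sequence detection when per-message tokens are processed out of order. The `order_state` struct, the 64-message window, the shared numbering across both channels and the arrival order are assumptions; the status names mirror the RFC 2743 supplementary statuses GSS_S_DUPLICATE_TOKEN, GSS_S_OLD_TOKEN, GSS_S_UNSEQ_TOKEN and GSS_S_GAP_TOKEN.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified receiver-side model (an assumption, not MIT krb5 code).
 * Status names mirror the GSS-API supplementary status bits of RFC 2743. */
enum status { ST_COMPLETE, ST_DUPLICATE, ST_OLD, ST_UNSEQ, ST_GAP };

struct order_state {
    int replay;      /* models a context negotiated with GSS_C_REPLAY_FLAG */
    int sequence;    /* models a context negotiated with GSS_C_SEQUENCE_FLAG */
    uint64_t next;   /* next expected per-message sequence number */
    uint64_t seen;   /* bit i set: message (next - 1 - i) was processed */
};

/* Classify one incoming per-message token by its sequence number. */
static enum status order_check(struct order_state *s, uint64_t seq)
{
    if (!s->replay && !s->sequence)
        return ST_COMPLETE;                  /* no ordering service requested */
    if (seq >= s->next) {                    /* new highest number */
        uint64_t skipped = seq - s->next;
        s->seen = skipped >= 63 ? 1 : (s->seen << (skipped + 1)) | 1;
        s->next = seq + 1;
        return (skipped && s->sequence) ? ST_GAP : ST_COMPLETE;
    }
    uint64_t back = s->next - 1 - seq;       /* distance behind the newest */
    if (back >= 64)
        return ST_OLD;                       /* fell out of the window */
    if (s->seen & (UINT64_C(1) << back))
        return ST_DUPLICATE;                 /* replayed token */
    s->seen |= UINT64_C(1) << back;
    return s->sequence ? ST_UNSEQ : ST_COMPLETE;  /* late but never seen */
}

int main(void)
{
    /* Constructed arrival order: data 0, data 1, data 3, then the NOOP
     * that was wrapped as 2 but read late, then a replayed copy of 1. */
    const uint64_t arrivals[] = { 0, 1, 3, 2, 1 };
    static const char *name[] = { "COMPLETE", "DUPLICATE", "OLD", "UNSEQ", "GAP" };
    struct order_state r = { 1, 0, 0, 0 }, q = { 1, 1, 0, 0 };
    for (int i = 0; i < 5; i++) {
        enum status a = order_check(&r, arrivals[i]);
        enum status b = order_check(&q, arrivals[i]);
        printf("seq %d: replay-only=%s replay+sequence=%s\n",
               (int)arrivals[i], name[a], name[b]);
    }
    return 0;
}
```

In GSS-API these are supplementary statuses returned by gss_unwrap() or gss_verify_mic() alongside the routine result, so the application decides how to treat a gap or out-of-sequence report.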