On Wed, 2011-08-03 at 17:47 -0400, Chris Hecker wrote: > Right, but I'm going to force the replay cache off and use subkeys like > we discussed in the other thread. I assume I can't use the do-sequence > flag on an unordered/unreliable channel? So, if I want to mk_priv/safe > on that channel, will I need another auth_context?
Yes, you will need separate auth contexts if you want to use sequence numbers on some messages but not others. For the unordered messages, since you are using neither sequence numbers nor a replay cache, you'll need to address replays at the application protocol layer. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
