>Whether the initiator can generate per-message tokens before receiving
>the subkey depends on whether the mechanism returned the prot_ready
>state (RFC 2743 section 1.2.7) to the caller after generating the
>initiator token. RFC 4121 does not mention prot_ready; I couldn't say
>whether that's an implicit contraindication on setting the bit. I'm not
>aware of any krb5 mechs setting the bit at that point in the initiator,
>although I recall Nico talking about maybe wanting to do so.

Fair enough; every time I think I might understand the GSSAPI, there is always something else in that mess. I don't think given subkey negotiation it would be possible for a krb5 mechanism to legitimately set prot_ready before authentication was complete, but it sure seems like this is a corner case. Certainly it seems like Heimdal always assumes that the other end will behave that way.

>The comment was written twenty years ago by a developer no longer
>working for MIT, and I don't recall having any conversations about it
>before this one.

NOW I feel old :-/

--Ken