* Magnus Hagander ([EMAIL PROTECTED]) wrote:
> > > The way our Kerberos implementation is done, it does *not* validate
> > > the server, just the client. If you want server verification, you must
> > > use a combination of both Kerberos and SSL.
> >
> > Eh? We use mutual authentication in Kerberos...
>
> We do? That's good then :-) I was told by someone that we don't. Never
> really checked into it, since all my installations already use SSL for
> that. So, I'll retract my comment ;)

We pass in 'MUTUAL_REQUIRED' to krb5_sendauth and check the return value
of it correctly... I'd be really curious why 'someone' felt we weren't
doing mutual authentication... I don't see anything obvious..

Thanks,

Stephen