Tech Insider					   Technology and Trends


			   USENET Archives


Electronic mail:			      WorldWideWeb:
   tech-insider@outlook.com		         http://tech-insider.org/

From wesommer@ATHENA.MIT.EDU  Mon Aug 11 21:13:25 1986
To: bcn
Cc: kerberos
Subject: How am I supposed to cleanly get at the session key?
Date: Mon, 11 Aug 86 21:09:53 -0500
From: Bill Sommerfeld <wesommer@ATHENA.MIT.EDU>

To plug a lighter-weight authentication into the Sun RPC library
(using a method similar to that proposed in the Sun USENIX paper on
secure RPC, with Kerberos authenticators used for the initial exchange
of session keys), I need to get at a few things "internal" to
mk_ap_req:

 - The timestamp used inside the ticket (since there does not
seem to be any library routine for mutual authentication; the server
will ship back the timestamp-1 sealed in the session key and a 32-bit
identifier).  "Timestamp+1" is not used, since that could be used as a
verifier on another procedure call.

 - The session key contained in the authenticator.. There
doesn't seem to be any way to get that other than to use "retrieve"
again.  This will be used to encrypt successive timestamps attached to
each RPC request.

						- Bill

			   USENET Archives


Notice
******

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or 
research.


Electronic mail:			      WorldWideWeb:
   tech-insider@outlook.com		         http://tech-insider.org/