Re: [Perlgssapi-users] Client/Server Question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi!

Now I've some clear ideas on my mind.

I think you remember my webservice problems. 

Now I now what SPNEGO stands for. It is an extension of the
HTTP that creates some TCP connection for having mutual 
authentication BEFORE the GET. I'm wrong?

Now, since I cannot have mutual authentication because I'm 
in a webservice, and I would like to reach this auth in some way, 
I think I'll study SPNEGO. 

But, for now, my problem is: 

I've the token for my service. If I resend the token to the 
kerberos, this token has the same nonce, so kdc find the Replay Attack. 

If I can create a nonce=nonce+1, everything should be OK. 

How can I?

(I hope you'll remember my problem, otherwise, I can explain ... let me know)

Thanks!

-- 
Massimiliano Masi

http://www.comunidelchianti.it/~max