Re: [Perlgssapi-users] Client/Server Question
Brought to you by:
achimgrolms
Menu
▾
▴
Re: [Perlgssapi-users] Client/Server Question
|
From: Massimiliano M. <mas...@ce...> - 2006-10-05 14:17:26
|
Hi, Maybe I've found a solution (with some helps). Doens't matter on which transport layer we're using. My problem is how to maintain a state. So, I can create the context, and receive in the client the mutual token. The server, before return the mutual token, and drop the connection, simply stores the temporary key in his disk in an hash, where the key of the hash can be a random number used as cookie. The client, at the second soap messages, sends the session key and this cookie. The server loads the key and can use GSS_wrap() and GSS_unwrap() for the following messages. Is it right? But. What's happen if someone replay the second message? I need to use anonymous https connection... Mmmmm. Any hints? -- Massimiliano Masi http://www.comunidelchianti.it/~max |
