Re: [Perlgssapi-developer] [Fwd: CPAN Upload: L/LE/LEIFJ/LWP-Authen-Negotiate-0.03.tar.gz]

[Achim G. <per...@gr...>]

On Friday 17 February 2006 08:43, Leif Johansson wrote:
> next

You use GSS_C_MUTUAL_FLAG on every request:

my $iflags = GSS_C_MUTUAL_FLAG;
$iflags |= GSS_C_DELEG_FLAG if $ENV{LWP_AUTHEN_NEGOTIATE_DELEGATE};

isn't it better to use GSS_C_MUTUAL_FLAG only if
Delegation is needed?
(Most setups need only to authenticate the user?)

In my implementation I have set GSS_C_REPLAY_FLAG,
is that not needed?
(My idea was that this can stop MITM attackers.
 am I wrong? - I am unsure!)

Achim