Re: [Perlgssapi-developer] [Fwd: CPAN Upload: L/LE/LEIFJ/LWP-Authen-Negotiate-0.03.tar.gz]
Brought to you by:
achimgrolms
Menu
▾
▴
Re: [Perlgssapi-developer] [Fwd: CPAN Upload: L/LE/LEIFJ/LWP-Authen-Negotiate-0.03.tar.gz]
|
From: Leif J. <le...@it...> - 2006-02-17 13:16:32
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Achim Grolms wrote:
> On Friday 17 February 2006 08:43, Leif Johansson wrote:
>> next
>
> You use GSS_C_MUTUAL_FLAG on every request:
>
> my $iflags = GSS_C_MUTUAL_FLAG;
> $iflags |= GSS_C_DELEG_FLAG if $ENV{LWP_AUTHEN_NEGOTIATE_DELEGATE};
>
> isn't it better to use GSS_C_MUTUAL_FLAG only if
> Delegation is needed?
> (Most setups need only to authenticate the user?)
>
> In my implementation I have set GSS_C_REPLAY_FLAG,
> is that not needed?
> (My idea was that this can stop MITM attackers.
> am I wrong? - I am unsure!)
You are right. I am now convinced your 0.04 is a better
starting point.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFD9cyq8Jx8FtbMZncRAszbAJ99fY6LWbNmCXupqTGgy5lm5Xo6MACgnt+i
eFR8eSPsL+b+ND8NGsG5cGY=
=7zVb
-----END PGP SIGNATURE-----
|
