- Type: Bug
- Resolution: Won't Fix
- Priority: P4
- Affects Version/s: None
- Component/s: security-libs
- None
Although the initial sequence number, as exchanged in AP-REQ and AP-REP, is 32-bit, RFC 4121 defined an 8-byte SND_SEQ field to store it in MessageToken_v2. This means we can "upgrade" the 32-bit integer from the security context establishment into a 64-bit integer to be used in secure communications.
MIT krb5 does this.
BTW, for interoperability, and some other compatibility reasons on signed/unsigned ints, both Java and MIT krb5 only generate an initial sequence number not greater than 2^30 now, so an error could only happen after about 2^30 messages have been sent.
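An added illustration, not code from the JDK or MIT krb5: it encodes the 8-octet big-endian SND_SEQ field of RFC 4121 and finds the first message at which a peer that widens the counter to 64 bits stops matching a peer that keeps it in 32 bits. The two narrow counters, the function names and the sample initial value are hypothetical models, not either implementation's actual behavior.

```python
import struct

MASK32 = 0xFFFFFFFF
MASK64 = 0xFFFFFFFFFFFFFFFF

def snd_seq_bytes(seq):
    """Encode a counter as the 8-octet big-endian SND_SEQ field."""
    return struct.pack(">Q", seq & MASK64)

def widened(initial, n):
    """Peer that promotes the 32-bit initial value to a 64-bit counter."""
    return (initial + n) & MASK64

def wrap_u32(initial, n):
    """Hypothetical peer: counter kept in an unsigned 32-bit variable."""
    return (initial + n) & MASK32

def wrap_s32(initial, n):
    """Hypothetical peer: signed 32-bit counter, sign-extended on write."""
    v = (initial + n) & MASK32
    return (v - (1 << 32) if v >= (1 << 31) else v) & MASK64

def first_mismatch(initial, narrow):
    """Index n of the first message whose SND_SEQ bytes differ.

    The counters can only part ways where initial + n crosses 2^31 or
    2^32, so only those two indexes need checking (initial < 2^31).
    """
    for n in ((1 << 31) - initial, (1 << 32) - initial):
        if snd_seq_bytes(narrow(initial, n)) != snd_seq_bytes(widened(initial, n)):
            return n
    return None

if __name__ == "__main__":
    isn = 1 << 30  # constructed sample: the upper bound the report mentions
    for name, narrow in (("signed 32-bit", wrap_s32),
                         ("unsigned 32-bit", wrap_u32)):
        n = first_mismatch(isn, narrow)
        print(f"{name}: first mismatch at message index {n}")
        print("  64-bit peer:", snd_seq_bytes(widened(isn, n)).hex())
        print("  32-bit peer:", snd_seq_bytes(narrow(isn, n)).hex())
```

With an initial value of 2^30, the signed model diverges after 2^30 messages, which matches the figure given in the report.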