|
| From: | shishi-commit |
| Subject: | TLS fixes. |
| Date: | Thu, 18 Dec 2003 06:43:10 +0100 |
| Commit from jas | 2003-12-18 06:43 CET |
TLS fixes.
| Module | File name | Revision | |||
|---|---|---|---|---|---|
| shishi | doc/shishi.texi | 1.112 | >>> | 1.113 | |
| shishi/doc/shishi.texi 1.112 >>> 1.113 |
|---|
| Line 1852 |
|
or SRP (i.e., any mechanism supported by TLS) to authenticate themselves to the Kerberos server. |
|
- @section Setting up Anonymous TLS |
|
+ @subsection Setting up Anonymous TLS |
|
@cindex anonymous tls @cindex Diffie Hellman key exchange |
| Line 4011 |
|
If the TLS negotiation ended successfully, possibly also considering client or server policies, the exchange within the TLS protected stream is performed like normal UDP Kerberos 5 exchanges, i.e., there |
|
- is no TCP 4 octet length field before each packet. |
|
+ is no TCP 4 octet length field before each packet. Instead each + Kerberos packet MUST be sent within one TLS record, so the application + can use the TLS record length as the Kerberos 5 packet length. |
|
The server MAY consider the authentication performed by the TLS exchange as sufficient to issue Kerberos 5 tickets to the client, |
| [Prev in Thread] | Current Thread | [Next in Thread] |