AFS and tokenforwarding

Markus Friedl markus at
Thu Oct 4 18:46:51 EST 2001

On Thu, Oct 04, 2001 at 10:34:58AM +0200, Bjoern Groenvall wrote:
> Don't think I ever said that. However, as I said in my letter one must
> be a bit careful with ownership management of the forwarded
> tickets. That should be simple to verify though.

currently, i agree with Dug Song that the token should not be accpeted
by the server before client and server have authenticated each other.

this is why token handling was moved from auth1.c to session.c
when Dug imported Kerb5 to OpenSSH.


More information about the openssh-unix-dev mailing list