Storing Information on the Server (System Administration Guide: Security Services)

System Administration Guide: Security Services

Previous: Decrypting the Conversation Key
Next: Returning the Verifier to the Client

Storing Information on the Server

After the server decrypts the client's time stamp, it stores four items of information in a credential table:

The client's computer name
The conversation key
The window
The client's time stamp

The server stores the first three items for future use. The server stores the time stamp to protect against replays. The server accepts only time stamps that are chronologically greater than the last time stamp seen, so any replayed transactions are guaranteed to be rejected.

Note –

Implicit in these procedures is the name of the caller, who must be authenticated in some manner. The keyserver cannot use DES authentication to authenticate the caller because it would create a deadlock. To solve this problem, the keyserver stores the secret keys by user ID (UID) and grants requests only to local root processes.

Previous: Decrypting the Conversation Key
Next: Returning the Verifier to the Client