> Have a look at authsrv(6) in the manual. The authenticator sends a
> pair of tickets to the client, one encrypted with the client's own
> key and one encrypted with the server's key. That's what allows
> both the client and server to authenticate each other.

i stand corrected. also i confused cpuserver and authserver. and i still don't have the details paged in, so thank you for contributing another good summary :)

> Yes, I think you're probably right. I was thinking in terms of minimum
> lines of code to change, but other factors are also important.

i generally use the same tactic in regards to minimal changes, and i certainly see it isn't used often enough in the field. i think the rule also doesn't conflict with what happened: replacement of outdated systems without good incremental path for future improvements, with useful high-quality software developed from scratch. it can happen, despite the late hype around "enshittification".

lastly, rules are meant to be broken. the details just happen to matter more than the rule of thumb here.

and again, anybody who knows cryptographers, since the approach is rather modern, please help share cinap's paper, maybe even the code, have a look, the more eyes the more better ;)

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/T56397eff6269af27-M925311bc2b8c990e6ba917ed