directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Emmanuel Lecharny <>
Subject Re: Issues with the Keberos codec
Date Tue, 16 Nov 2010 13:04:20 GMT
On 11/16/10 1:52 PM, Alex Karasulu wrote:
> On Tue, Nov 16, 2010 at 5:14 AM, Kiran Ayyagari<>wrote:
>> sounds good to me, OTOH what are the disadvantages of reading whole
>> PDU and processing it?
> Increases potentials for large PDU attacks to overflow memory but we can
> mitigate that with limits on the PDU size we're willing to process.
The potential for PDU attack is the same. At least, we avoid creating a 
data structure immediately.

However, I think we will need to define a dedicated KRB_PDU 
configuration parameter, because Kerberos PDU are very likely to be 
smaller than LDAP PDU.

Emmanuel L├ęcharny

View raw message