J. Bruce Fields wrote:
> The problem is that integrity protection also adds another 8 bytes
> (length and sequence number) to the body of each rpc, and privacy in
> addition adds some variable amount of mechanism-specific encryption
> overhead (a few tens of bytes for krb5, I think).

tk_auth->au_cslack should account for this, right?  It should provide 
the largest number of bytes that could be required for the send and 
receive buffers.

> But if you're always allowing 400 bytes for the verifier then in
> practice we're not going to have any problems with the current
> mechanisms.

In practice, yes.  I would prefer we get this as right as possible now, 
so we don't get bitten by it when someone invents a GSS flavor that 
needs huge verifiers.