[krbdev.mit.edu #8579] duplicate caching of some cross-realm TGTs
Sam Hartman via RT
rt-comment at krbdev.mit.edu
Mon Apr 24 18:00:11 EDT 2017
>>>>> "Greg" == Greg Hudson via RT <rt-comment at krbdev.mit.edu> writes:
Greg> For client-driven cross-realm scenarios, I believe we should
Greg> cache the TGTs we ask for, but not alternate TGTs. If we
Greg> cache alternate TGTs, we could have the same kind of scenario
Greg> where we repeatedly cache an alternate TGT because the overall
Greg> TGS operation fails.
Agreed.
More information about the krb5-bugs
mailing list