Architectural Question ...

[Tony Cowan]

> No, that's the beauty of Kerberos.

Thanks Luke.
Someone tells me they've been sniffing and found that one particular
implementation does in fact hit the KDC to validate the ticket.
I wonder if it's actually hitting the KDC for some other purpose.
Getting further information perhaps .. I guess the "session" key
should be in the original message, so it shouldn't need to fetch that
... I wonder what else it might be.

Cheers,
Tc.