Architectural Question ...
ttcowan at us.ibm.com
Thu Feb 6 09:03:30 EST 2003
> No, that's the beauty of Kerberos.
Someone tells me they've been sniffing and found that one particular
implementation does in fact hit the KDC to validate the ticket.
I wonder if it's actually hitting the KDC for some other purpose.
Getting further information perhaps .. I guess the "session" key
should be in the original message, so it shouldn't need to fetch that
... I wonder what else it might be.
More information about the Kerberos