Architectural Question ...

Tony Cowan ttcowan at
Thu Feb 6 09:03:30 EST 2003

> No, that's the beauty of Kerberos.

Thanks Luke.
Someone tells me they've been sniffing and found that one particular
implementation does in fact hit the KDC to validate the ticket.
I wonder if it's actually hitting the KDC for some other purpose.
Getting further information perhaps .. I guess the "session" key
should be in the original message, so it shouldn't need to fetch that
... I wonder what else it might be.


More information about the Kerberos mailing list