Architectural Question ...
Jacques A. Vidrine
nectar at celabo.org
Thu Feb 6 10:36:35 EST 2003
On Thu, Feb 06, 2003 at 06:03:30AM -0800, Tony Cowan wrote:
> > No, that's the beauty of Kerberos.
>
> Thanks Luke.
> Someone tells me they've been sniffing and found that one particular
> implementation does in fact hit the KDC to validate the ticket.
> I wonder if it's actually hitting the KDC for some other purpose.
Another possibility: There was a bug in the Heimdal GSSAPI library
previous to version 0.4f where gss_acquire_cred(..., GSS_C_ACCEPT,
...) would do a useless AS exchange (using its keytab).
Cheers,
--
Jacques A. Vidrine <nectar at celabo.org> http://www.celabo.org/
NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos
jvidrine at verio.net . nectar at FreeBSD.org . nectar at kth.se
More information about the Kerberos
mailing list