Architectural Question ...

Jacques A. Vidrine nectar at
Thu Feb 6 10:36:35 EST 2003

On Thu, Feb 06, 2003 at 06:03:30AM -0800, Tony Cowan wrote:
> > No, that's the beauty of Kerberos.
> Thanks Luke.
> Someone tells me they've been sniffing and found that one particular
> implementation does in fact hit the KDC to validate the ticket.
> I wonder if it's actually hitting the KDC for some other purpose.

Another possibility:  There was a bug in the Heimdal GSSAPI library
previous to version 0.4f where gss_acquire_cred(..., GSS_C_ACCEPT,
...) would do a useless AS exchange (using its keytab).

Jacques A. Vidrine <nectar at>
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine at     .  nectar at  .          nectar at

More information about the Kerberos mailing list