Lost Authenticator for an krb_ap_request

[Ahluwalia, Ish]

Hi All:

Does anyone one know that if for some reason Kerberos loses track of any authenticator presented with in the acceptable clock skew, then kerberos rejects all the requests untill the interval has passed?

The above question directly stems out of the Kerberos V5 requirement where Kerberos must remember any authenticators presented with the acceptable clock skew, so that replay attempt is guaranteed to fail.

Any information/thoughts will be highly appreciated?

Thanks.

Ish...