Lost Authenticator for an krb_ap_request

Ahluwalia, Ish iahluwalia at sonusnet.com
Thu Feb 3 18:56:45 EST 2005

Hi All:

Does anyone one know that if for some reason Kerberos loses track of any authenticator presented with in the acceptable clock skew, then kerberos rejects all the requests untill the interval has passed?

The above question directly stems out of the Kerberos V5 requirement where Kerberos must remember any authenticators presented with the acceptable clock skew, so that replay attempt is guaranteed to fail.

Any information/thoughts will be highly appreciated?



More information about the Kerberos mailing list