Snapshot of monthly KDC traffic for stanford.edu

Russ Allbery rra at stanford.edu
Thu Apr 1 19:36:37 EDT 2010


Mark Sirota <msirota at isc.upenn.edu> writes:
> ----- "Russ Allbery" <rra at stanford.edu> wrote:

>> I'm intrigued by the *huge* margin between the number of initial
>> authentications and the number of service tickets issued.  This appears
>> to be due to a couple of factors: ...

> Could also be from applications that are attempting to do password
> verification by getting a TGT and then failing to complete the process
> by trying to use it for something.  I know we found one popular Java
> library that does that.

Yeah, I'm wondering if Zimbra fails to actually verify the user's
credentials against a local keytab.  That would certainly explain a lot of
these, from people using mail clients that are doing password over TLS.

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>



More information about the Kerberos mailing list