[EXTERNAL] resend spnego token

Nebergall, Christopher cneberg at sandia.gov
Fri Dec 7 11:33:06 EST 2012


No, you shouldn't cache it or it will be seen to be a replay attack. There is no reason it needs to contact the KDC again to generate another token after the first request where it gets a service ticket. Generally IIS only needs 1 SPNEGO token per connection, while mod_auth_kerb in Apache wants one per request.

-Christopher
-----Original Message-----
From: kerberos-bounces at mit.edu [mailto:kerberos-bounces at mit.edu] On Behalf Of Rasanth Akali Kandoth
Sent: Friday, December 07, 2012 1:36 AM
To: kerberos at mit.edu
Subject: [EXTERNAL] resend spnego token

Hi,
I use mit-kerberos version 1.10.3.
My HTTP client app gets a SPNEGO token after negotiating with Microsoft AD and IIS and using gss_init_sec_context. I am trying to log in using the same token again by saving it. Is it the right way to do it? I get a KRB5KRB_AP_ERR_REPEAT error in this case. If it is not the right way to do it, how can I regenerate the token without contacting the AD (KDC) again?

--
Thanks & Regards,
Rasanth
________________________________________________
Kerberos mailing list           Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
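
The following is an added example, not part of the thread and not MIT Kerberos code: a simplified model of an acceptor's replay cache, showing why a saved token is rejected as a repeat while a new authenticator built from the same service ticket is accepted. All names (`accept_ap_req`, `second_request`, the `AP_*` values) and the sample principal and timestamps are hypothetical, and the model assumes an authenticator is identified by client name, timestamp and microseconds with a 5-minute skew window.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SKEW   300   /* allowed clock skew in seconds (assumed 5 minutes) */
#define RC_MAX 64    /* replay cache capacity in this model */

enum ap_result { AP_OK, AP_ERR_REPEAT, AP_ERR_SKEW, AP_ERR_FULL };

/* Model assumption: an authenticator is identified by client, ctime, cusec. */
struct authn  { char client[64]; long ctime; long cusec; };
struct rcache { struct authn seen[RC_MAX]; int n; };

/* Acceptor: check the authenticator inside an AP-REQ against the replay cache. */
static enum ap_result accept_ap_req(struct rcache *rc, const struct authn *a, long now)
{
    int i, kept = 0;
    if (labs(now - a->ctime) > SKEW)
        return AP_ERR_SKEW;                 /* too old or too new to accept */
    for (i = 0; i < rc->n; i++)             /* expire entries outside the window */
        if (now - rc->seen[i].ctime <= SKEW)
            rc->seen[kept++] = rc->seen[i];
    rc->n = kept;
    for (i = 0; i < rc->n; i++)
        if (rc->seen[i].ctime == a->ctime && rc->seen[i].cusec == a->cusec &&
            strcmp(rc->seen[i].client, a->client) == 0)
            return AP_ERR_REPEAT;           /* same authenticator seen before */
    if (rc->n == RC_MAX)
        return AP_ERR_FULL;                 /* fail closed rather than forget */
    rc->seen[rc->n++] = *a;
    return AP_OK;
}

/* Second request on one service ticket: resend the saved token (resend=1)
   or send a new authenticator with a new timestamp (resend=0). */
static enum ap_result second_request(int resend)
{
    struct rcache rc = { .n = 0 };
    struct authn first = { "user@EXAMPLE.COM", 1000, 42 };  /* constructed sample */
    struct authn fresh = { "user@EXAMPLE.COM", 1002, 7 };   /* same ticket, new time */
    enum ap_result r = accept_ap_req(&rc, &first, 1000);
    if (r != AP_OK)
        return r;
    return accept_ap_req(&rc, resend ? &first : &fresh, 1002);
}

int main(void)
{
    printf("resent: %d, fresh: %d\n", second_request(1), second_request(0));
    return 0;
}
```

In a real client the fresh authenticator comes from calling gss_init_sec_context again for each request; the service ticket already in the credential cache is reused, so the KDC is not contacted.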




