[krbdev.mit.edu #1201] kdc returns replay when replayed request not apparent

Sam Hartman hartmans at MIT.EDU
Wed Nov 20 11:15:59 EST 2002


Hi.  We're still working with some people at Microsoft on this issue.
We have a general understanding of the issue but not a specific
problem.  It seems that the Microsoft client is sending requests
within the same second that do not differ in the microsecond field.
The MIT implementation is correct to reject these requests according
to RFC 1510.  

The MIT code could be improved to be more robust in replay detection
and revisions to the Kerberos protocol will allow this.  We do plan to
implement the improvement, but will probably not ship it for a year or
two; it ends up being rather complicated to implement.

Once we find the specific problem on the Microsoft side we'll let you
know.
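
The false positive described in this message, shown as an added example (not part of the original message and not MIT's code): a replay cache keyed on the client timestamp and microsecond field flags a second, different request as a replay when both fields match. The class and field names, the 300-second skew window, and the hash-based variant are assumptions made for illustration; the message does not say how the planned improvement would work.

```python
import hashlib
from dataclasses import dataclass

CLOCK_SKEW = 300  # seconds; assumed acceptance window


@dataclass(frozen=True)
class Authenticator:
    client: str   # client principal
    server: str   # service principal
    ctime: int    # client timestamp, seconds
    cusec: int    # client timestamp, microseconds
    blob: bytes   # encrypted authenticator as received (constructed sample)


class ReplayCache:
    """Remembers authenticators seen inside the clock-skew window."""

    def __init__(self, use_hash=False):
        self.use_hash = use_hash
        self.seen = {}  # cache key -> ctime, kept so entries can expire

    def _key(self, a):
        key = (a.client, a.server, a.ctime, a.cusec)
        if self.use_hash:
            # Assumed variant: also bind the entry to the message bytes.
            key += (hashlib.sha256(a.blob).hexdigest(),)
        return key

    def check_and_store(self, a, now):
        """Return 'stale', 'replay' or 'ok'; the entry is stored when ok."""
        if abs(now - a.ctime) > CLOCK_SKEW:
            return "stale"
        # Drop entries that have aged out of the window.
        self.seen = {k: t for k, t in self.seen.items()
                     if abs(now - t) <= CLOCK_SKEW}
        key = self._key(a)
        if key in self.seen:
            return "replay"
        self.seen[key] = a.ctime
        return "ok"


def demo(use_hash):
    """Two distinct requests with equal ctime/cusec, then a true replay."""
    now = 1037808959  # constructed timestamp
    names = ("user@EXAMPLE.COM", "host/srv@EXAMPLE.COM")  # constructed
    first = Authenticator(*names, now, 0, b"request-1")
    second = Authenticator(*names, now, 0, b"request-2")
    rc = ReplayCache(use_hash)
    return [rc.check_and_store(a, now) for a in (first, second, first)]
```

With the timestamp-only key the second request is rejected even though it is a new request; with the assumed hash variant only the true resend of the first request is rejected.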