Replaying and server side caching.

[Sam Hartman]

>>>>> "Darren" == Darren Reed (OSE) <darrenr at optimation.com.au> writes:

    Darren> Whilst testing the KDC with replaying TGT requests, it
    Darren> became apparent that if the cache was enabled then a
    Darren> replayed TGT request would be answered.  This seemed
    Darren> dubious in terms of security, but is it deliberate ?


Yes.  Kerberos supports UDP.  IT will replay the exact same response,
giving no cryptographic advantage.