Replaying and server side caching.
hartmans at MIT.EDU
Wed Apr 9 12:28:49 EDT 2003
>>>>> "Darren" == Darren Reed (OSE) <darrenr at optimation.com.au> writes:
Darren> Whilst testing the KDC with replaying TGT requests, it
Darren> became apparent that if the cache was enabled then a
Darren> replayed TGT request would be answered. This seemed
Darren> dubious in terms of security, but is it deliberate ?
Yes. Kerberos supports UDP. IT will replay the exact same response,
giving no cryptographic advantage.
More information about the krbdev