Replaying and server side caching.

Sam Hartman hartmans at MIT.EDU
Wed Apr 9 12:28:49 EDT 2003

>>>>> "Darren" == Darren Reed (OSE) <darrenr at> writes:

    Darren> Whilst testing the KDC with replaying TGT requests, it
    Darren> became apparent that if the cache was enabled then a
    Darren> replayed TGT request would be answered.  This seemed
    Darren> dubious in terms of security, but is it deliberate?

Yes.  Kerberos supports UDP.  It will replay the exact same response,
giving no cryptographic advantage.
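
An added illustration of the behaviour discussed in this message, not code from the KDC or from either poster: a toy server-side cache keyed on the exact request bytes, so a replayed request gets the stored reply back byte for byte. The class and function names, the sample request and key, and the hash-based sealing are all constructed stand-ins and are not Kerberos encryption.

```python
import hashlib
import os


class LookasideCache:
    """Toy model: maps the exact request bytes to the reply already sent."""

    def __init__(self):
        self._replies = {}

    def lookup(self, request):
        return self._replies.get(bytes(request))

    def insert(self, request, reply):
        self._replies[bytes(request)] = reply


def build_reply(request, client_key):
    """Stand-in for full request processing: every call picks a fresh
    session key and seals it under the client's long-term key."""
    session_key = os.urandom(16)
    nonce = os.urandom(16)
    # Toy keystream for illustration only, not a Kerberos enctype.
    stream = hashlib.sha256(client_key + nonce).digest()[:16]
    return nonce + bytes(a ^ b for a, b in zip(session_key, stream))


def handle(request, cache, client_key, stats):
    cached = cache.lookup(request)
    if cached is not None:
        stats["cache_hits"] += 1      # retransmission or replay: same bytes out
        return cached
    stats["processed"] += 1           # new or altered request: full processing
    reply = build_reply(request, client_key)
    cache.insert(request, reply)
    return reply


def demo():
    client_key = b"constructed-long-term-key"        # constructed sample
    request = b"AS-REQ client=alice nonce=1234"      # constructed sample
    cache, stats = LookasideCache(), {"cache_hits": 0, "processed": 0}
    first = handle(request, cache, client_key, stats)
    replay = handle(request, cache, client_key, stats)            # identical bytes
    altered = handle(request + b"\x00", cache, client_key, stats) # cache miss
    uncached = build_reply(request, client_key)  # what a cache-less server would send
    return first, replay, altered, uncached, stats
```

In this model the replayed request yields nothing beyond the reply that was already on the wire, while the cache-less path hands out a second, different ciphertext under the same client key.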

