Replaying and server side caching.

Matt Crawford crawdad at
Mon Apr 14 10:59:29 EDT 2003

> I understand why you would allow this for UDP, but in our experience,
> we found that if the TGT request got to the KDC, it was extremely
> unlikely for the TGT response to not find its way back to the client
> in a normal operational environment.

Is your "normal" environment restricted to one organization's private
network? And uniform software? Mine reaches four continents with
multiple implementations. I would not activate a KDC anti-replay
feature, knowing that at least some implementations resend the same

More information about the krbdev mailing list