Replaying and server side caching.
crawdad at fnal.gov
Mon Apr 14 10:59:29 EDT 2003
> I understand why you would allow this for UDP, but in our experience,
> we found that if the TGT request got to the KDC, it was extremely
> unlikely for the TGT response to not find its way back to the client
> in a normal operational environment.
Is your "normal" environment restricted to one organization's private
network? And uniform software? Mine reaches four continents with
multiple implementations. I would not activate a KDC anti-replay
feature, knowing that at least some implementations resend the same
More information about the krbdev