Replaying and server side caching.
Matt Crawford
crawdad at fnal.gov
Mon Apr 14 10:59:29 EDT 2003
> I understand why you would allow this for UDP, but in our experience,
> we found that if the TGT request got to the KDC, it was extremely
> unlikely for the TGT response to not find its way back to the client
> in a normal operational environment.
Is your "normal" environment restricted to one organization's private
network? And uniform software? Mine reaches four continents with
multiple implementations. I would not activate a KDC anti-replay
feature, knowing that at least some implementations resend the same
message.