Replaying and server side caching.

Darren Reed (OSE) darrenr at
Mon Apr 14 20:32:37 EDT 2003

> From: Matt Crawford
> > I understand why you would allow this for UDP, but in our experience,
> > we found that if the TGT request got to the KDC, it was extremely
> > unlikely for the TGT response to not find its way back to the client
> > in a normal operational environment.
> Is your "normal" environment restricted to one organization's private
> network? And uniform software? Mine reaches four continents with
> multiple implementations. I would not activate a KDC anti-replay
> feature, knowing that at least some implementations resend the same
> message.

Well, there's one WAN link involved but nothing quite as mixed as yours.

Anyway, it would seem there isn't a very high general level of interest
in this 'feature', so having made the offer and received feedback, I'll
just drop the subject now.


More information about the krbdev mailing list