Replaying and server side caching.
Darren Reed (OSE)
darrenr at optimation.com.au
Mon Apr 14 20:32:37 EDT 2003
> From: Matt Crawford
> > I understand why you would allow this for UDP, but in our experience,
> > we found that if the TGT request got to the KDC, it was extremely
> > unlikely for the TGT response to not find its way back to the client
> > in a normal operational environment.
> Is your "normal" environment restricted to one organization's private
> network? And uniform software? Mine reaches four continents with
> multiple implementations. I would not activate a KDC anti-replay
> feature, knowing that at least some implementations resend the same
Well, there's one WAN link involved but nothing quite as mixed as yours.
Anyway, it would seem there isn't a very high general level of interest
in this 'feature', so having made the offer and received feedback, I'll
just drop the subject now.