Replaying and server side caching.
Darren Reed (OSE)
darrenr at optimation.com.au
Mon Apr 14 20:32:37 EDT 2003
> From: Matt Crawford
>
> > I understand why you would allow this for UDP, but in our experience,
> > we found that if the TGT request got to the KDC, it was extremely
> > unlikely for the TGT response to not find its way back to the client
> > in a normal operational environment.
>
> Is your "normal" environment restricted to one organization's private
> network? And uniform software? Mine reaches four continents with
> multiple implementations. I would not activate a KDC anti-replay
> feature, knowing that at least some implementations resend the same
> message.
Well, there's one WAN link involved but nothing quite as mixed as yours.
Anyway, it would seem there isn't a very high general level of interest
in this 'feature', so having made the offer and received feedback, I'll
just drop the subject now.
Cheers,
Darren
More information about the krbdev
mailing list