MS SPNEGO Replay Detection
Sam Hartman
hartmans at MIT.EDU
Wed Mar 19 17:43:04 EST 2003
>>>>> "Nebergall," == Nebergall, Christopher <cneberg at sandia.gov> writes:
Nebergall,> I've been testing SPNEGO tokens sent by Internet
Nebergall,> Explorer and the token's internal Kerberos
Nebergall,> gss_init_sec_context token sent by IE are occasionally
Nebergall,> being seen as a replay by MIT Kerberos. This normally
Nebergall,> only occurs when I try to load a page in apache with
Nebergall,> several images and I frequently reload the page.
This is a known bug in the Microsoft implementation.
More information about the krbdev
mailing list