kfw 2.6.3 will be forthcoming

Jeffrey Altman jaltman at columbia.edu
Wed May 26 09:43:45 EDT 2004

a problem with all of the kfw 2.6 series has been discovered by Ken Raeburn.
when the windows logon session is Kerberos authenticated, Leash is producing
a TGS_REQ storm to the KDC (one request per second) as it tests the ability
to obtain Kerberos credentials from the MSLSA: krb5_ccache.  It is reading
the MSLSA credential cache but for some reason on some systems Windows
is sending the TGS_REQ even though there is a valid TGT in the credential

2.6.3 modifies the Leash_importable() used by Leash32.exe to not perform
the query of the MSLSA as a means of determining if credentials are 
for import.

a 2.6.3 release will be available asap.

Jeffrey Altman

More information about the krbdev mailing list