Reuse of GSSAPI Tokens

Nicolas Williams Nicolas.Williams at
Thu Jul 21 12:11:25 EDT 2005

On Thu, Jul 21, 2005 at 12:03:46PM -0400, Jiva DeVoe wrote:
> I'm not sure what this means.
> Is it possible to use the token twice?  Or not?
> I mean, obviously, I could reuse the context itself... am just  
> curious if kerberos defines that a token may not be used to establish  
> more than one context.

Kerberos does that, yes.

> What is Replay caching?

There's a cache of AP-REQs that have been seen in the time skew window
(+- 5 minutes), and none are accepted that have been seen or which fall
outside the replay window.

More information about the krbdev mailing list