Pinning KDC IP addresses.

Sam Hartman hartmans at MIT.EDU
Thu Feb 15 06:50:54 EST 2007

The position we're taking in the krb-wg is that it is inappropriate to
assume that kdcs share state or that clients will tend to go back to
the same KDC.

In our preauth draft Larry and I are working on a state cookie that
clients can send back to servers to establish state.

MIT is not interested in code that assumes requests should go to the
same KDC unless the IETF decides to modify Kerberos and make this a


More information about the krbdev mailing list