clock skew and preauth

Sam Hartman hartmans at MIT.EDU
Tue Apr 17 17:32:46 EDT 2012

There's a discussion of the auditing vulnerability in section 5.4.6 of
RFC 6113. In that case the armor ticket lifetime limits the window of
the vulnerability.

The conclusion there, which I agree with, is that it is often preferable
to have a working system than no false audit events.

More information about the krbdev mailing list