KDC is sending reset after each reply

Nico Williams nico at cryptonector.com
Wed Feb 13 11:24:05 EST 2013


On Wed, Feb 13, 2013 at 8:57 AM, Mohadeb Mondal <mmondal at ixiacom.com> wrote:
> I have configured MIT Kerberos server in an Ubuntu machine. From another Ubuntu client machine when I am trying to authenticate myself I am able to do that.
> But in the packet capture I am seeing that after AS response the connection is getting closed by KDC, again the client is initiating another TCP connection and sending TGS request.
> KDC is sending TGS response and closing the TCP connection.
>
> Can you please guide me if I misconfigured anything? Is this the way KDC should behave (I mean closing TCP connection after every response)?

The RFC says the KDC and the client can keep the connection open, but
there's no way for the client to request this, and so the common
practice is to close the connection after just one request.  Many
client implementations can't really keep TCP connections open for long
periods of time anyways, the one exception probably being Windows
(where the LSA could well recycle TCP connections to KDCs).

Nico
--
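
For anyone checking a capture like the one discussed in this thread, here is an added example (not part of the original message and not MIT Kerberos code) that splits each TCP connection's bytes using the RFC 4120 length-prefix framing and names the messages, so the one-request-per-connection pattern is visible. All function names and the sample bytes are constructed for illustration.

```python
import struct

# Outer ASN.1 APPLICATION tag numbers of Kerberos messages (RFC 4120).
KRB_TYPES = {10: "AS-REQ", 11: "AS-REP", 12: "TGS-REQ", 13: "TGS-REP", 30: "KRB-ERROR"}


def split_kerberos_stream(stream: bytes):
    """Split one direction of a TCP stream into Kerberos messages.
    RFC 4120 section 7.2.2: each message is preceded by its length in
    4 octets, network byte order, with the high bit reserved (zero).
    """
    messages, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 4:
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from("!I", stream, offset)
        if length & 0x80000000:
            raise ValueError("reserved high bit set in length prefix")
        body = stream[offset + 4:offset + 4 + length]
        if len(body) < length:
            raise ValueError("truncated message body")
        messages.append(body)
        offset += 4 + length
    return messages


def message_type(body: bytes) -> str:
    """Name a message from its first byte (0x60 | APPLICATION number)."""
    if not body or body[0] & 0xE0 != 0x60:
        return "unknown"
    return KRB_TYPES.get(body[0] & 0x1F, "unknown")


def summarize(connections):
    """Per connection, list the message types sent by client and by KDC."""
    return [([message_type(m) for m in split_kerberos_stream(c2s)],
             [message_type(m) for m in split_kerberos_stream(s2c)])
            for c2s, s2c in connections]


def frame(body: bytes) -> bytes:
    """Add the 4-octet length prefix to a message body."""
    return struct.pack("!I", len(body)) + body


# Constructed sample: two connections; bodies are tag + filler, not real messages.
SAMPLE = [(frame(b"\x6a\x03abc"), frame(b"\x6b\x03abc")),
          (frame(b"\x6c\x03abc"), frame(b"\x6d\x03abc"))]
if __name__ == "__main__":
    print(summarize(SAMPLE))
```
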


More information about the krbdev mailing list