How often does MIT krb5 request for KDC info through DNS?

Weijun Wang at
Tue Aug 5 21:32:39 EDT 2014

On 8/5/2014 23:53, Nico Williams wrote:
>   - doing an HTTP request w/o authentication every time, thus getting a
>     401 then trying again with Kerberos

Recalculating an auth token for each request is a little heavy. The 
client is hoping the server would stop prompting for authentication 
after the 1st request. I remember seeing server actually doing that. 
Maybe you mean because the point below a Java server does not do that?

>   - servlets that don't use cookies to optimize away the GSS context
>     setup per-request(!!!)


More information about the krbdev mailing list