[3659] in Kerberos-V5-bugs
Re: [krbdev.mit.edu #1201] kdc returns replay when replayed request
daemon@ATHENA.MIT.EDU (Sam Hartman)
Wed Nov 20 11:17:20 2002
To: rt-comment@krbdev.mit.edu
Cc: krb5-prs@mit.edu
From: Sam Hartman <hartmans@mit.edu>
In-Reply-To: <rt-1201-3725.1.0217037096568@krbdev.mit.edu> ("rmdyer@uncc.edu
via RT"'s message of "Tue, 19 Nov 2002 17:16:32 -0500 (EST)")
Message-ID: <tsllm3ofc8w.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Errors-To: krb5-bugs-admin@mit.edu
Date: Wed, 20 Nov 2002 11:15:59 -0500

Hi. We're still working with some people at Microsoft on this issue.
We have a general understanding of the issue but not a specific
problem. It seems that the Microsoft client is sending requests
within the same second that do not differ in the microsecond field.
The MIT implementation is correct to reject these requests according
to RFC 1510.

The MIT code could be improved to be more robust in replay detection
and revisions to the Kerberos protocol will allow this. We do plan to
implement the improvement, but will probably not ship it for a year or
two; it ends up being rather complicated to implement.

Once we find the specific problem on the Microsoft side we'll let you
know.
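
The behaviour discussed in the message above, as an added example that is not part of the original e-mail and is not MIT krb5 code: a minimal replay cache keyed on the authenticator's client name, server name, time and microsecond fields, which is the tuple RFC 1510 tells a server to remember. The function names, slot count, skew window and sample principals are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RC_SLOTS 32
#define CLOCK_SKEW 300            /* seconds; assumed acceptance window */
enum { RC_OK, RC_REPLAY, RC_SKEW, RC_FULL };

struct rc_entry { int used; long ctime; long cusec; char client[64], server[64]; };
struct rcache { struct rc_entry e[RC_SLOTS]; };

/* Accept an authenticator only if its (client, server, ctime, cusec)
 * tuple has not been seen inside the skew window; then remember it. */
int rc_check_store(struct rcache *rc, const char *client, const char *server,
                   long ctime, long cusec, long now)
{
    struct rc_entry *slot = NULL;
    if (labs(now - ctime) > CLOCK_SKEW)
        return RC_SKEW;
    for (int i = 0; i < RC_SLOTS; i++) {
        struct rc_entry *a = &rc->e[i];
        if (a->used && labs(now - a->ctime) > CLOCK_SKEW)
            a->used = 0;                      /* expired, slot reusable */
        if (!a->used) { if (!slot) slot = a; continue; }
        if (a->ctime == ctime && a->cusec == cusec &&
            strcmp(a->client, client) == 0 && strcmp(a->server, server) == 0)
            return RC_REPLAY;                 /* identical tuple */
    }
    if (!slot)
        return RC_FULL;                       /* fail closed when full */
    slot->used = 1; slot->ctime = ctime; slot->cusec = cusec;
    snprintf(slot->client, sizeof slot->client, "%s", client);
    snprintf(slot->server, sizeof slot->server, "%s", server);
    return RC_OK;
}

/* Constructed scenario: two distinct requests from one client in the same
 * second; returns the verdict on the second request. */
int second_request_verdict(long first_cusec, long second_cusec)
{
    struct rcache rc;
    long now = 1037808959;                    /* constructed timestamp */
    memset(&rc, 0, sizeof rc);
    rc_check_store(&rc, "user@EXAMPLE.COM", "krbtgt/EXAMPLE.COM", now, first_cusec, now);
    return rc_check_store(&rc, "user@EXAMPLE.COM", "krbtgt/EXAMPLE.COM", now, second_cusec, now);
}

int main(void)
{
    printf("same cusec: %d\n", second_request_verdict(0, 0));
    printf("different cusec: %d\n", second_request_verdict(0, 1));
    return 0;
}
```

Because the cache compares only these four fields, a second legitimate request that repeats the same second and microsecond value is indistinguishable from a replay and gets the same verdict.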