[3660] in Kerberos-V5-bugs


Re: [krbdev.mit.edu #1201] kdc returns replay when replayed request not apparent

daemon@ATHENA.MIT.EDU (Sam Hartman via RT)
Wed Nov 20 11:17:20 2002

Message-Id: <rt-1201-3726.5.103221298004@krbdev.mit.edu>
In-Reply-To: <rt-1201@krbdev.mit.edu>
From: "Sam Hartman via RT" <rt-comment@krbdev.mit.edu>
Reply-To: rt-comment@krbdev.mit.edu
To: krb5-prs@mit.edu
Errors-To: krb5-bugs-admin@mit.edu
Date: Wed, 20 Nov 2002 11:16:15 -0500 (EST)


Hi.  We're still working with some people at Microsoft on this issue.
We have a general understanding of the issue but not a specific
problem.  It seems that the Microsoft client is sending requests
within the same second that do not differ in the microsecond field.
The MIT implementation is correct to reject these requests according
to RFC 1510.  

The MIT code could be improved to be more robust in replay detection
and revisions to the Kerberos protocol will allow this.  We do plan to
implement the improvement, but will probably not ship it for a year or
two; it ends up being rather complicated to implement.

Once we find the specific problem on the Microsoft side we'll let you
know.



_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
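
The false positive described in the message, as an added example that is not part of the original message and not MIT krb5 code: a replay cache keyed only on the RFC 1510 tuple (client, server, time, microsecond) rejects a second, different request carrying the same timestamp. The tag mode is an assumption about one way to be more robust (also comparing a hash of the encrypted authenticator); the message does not say what the planned improvement is, and all names and values below are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed request record; field names are illustrative, not MIT krb5's.
 * enc stands in for the encrypted authenticator bytes. */
struct req { const char *client, *server; long ctime; int cusec; const char *enc; };
struct entry { struct req r; uint64_t tag; };
struct rcache { struct entry e[32]; int n; int use_tag; };

/* FNV-1a keeps the example short; a real cache needs a cryptographic hash. */
static uint64_t tag_of(const char *s) {
    uint64_t h = 1469598103934665603ULL;
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 1099511628211ULL; }
    return h;
}

/* Returns 1 if treated as a replay, 0 if accepted and stored, -1 if full. */
int rc_check(struct rcache *rc, const struct req *r) {
    uint64_t tag = tag_of(r->enc);
    for (int i = 0; i < rc->n; i++) {
        const struct req *s = &rc->e[i].r;
        if (strcmp(s->client, r->client) || strcmp(s->server, r->server) ||
            s->ctime != r->ctime || s->cusec != r->cusec)
            continue;               /* different tuple: not this entry */
        if (!rc->use_tag || rc->e[i].tag == tag)
            return 1;               /* tuple match (tag mode: same bytes too) */
    }
    if (rc->n == 32) return -1;
    rc->e[rc->n].r = *r;
    rc->e[rc->n++].tag = tag;
    return 0;
}

/* Two distinct requests sharing one timestamp, then a true re-send of the
 * first. Verdicts are packed as decimal digits: r1 r2 r3. */
int run(int use_tag) {
    struct rcache rc = { .n = 0, .use_tag = use_tag };
    struct req a = { "host$@EXAMPLE.COM", "krbtgt/EXAMPLE.COM",
                     1037808975, 0, "ciphertext-A" };   /* constructed values */
    struct req b = a;
    b.enc = "ciphertext-B";         /* same ctime/cusec, different request */
    int r1 = rc_check(&rc, &a), r2 = rc_check(&rc, &b), r3 = rc_check(&rc, &a);
    return r1 * 100 + r2 * 10 + r3;
}

int main(void) {
    printf("tuple only: %03d\ntuple+tag:  %03d\n", run(0), run(1));
    return 0;
}
```

With the tuple-only cache the second request is rejected even though it is not a replay; with the tag comparison only the genuine re-send is rejected.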
