[1365] in Kerberos_V5_Development
Re: kdc performance and rcache
daemon@ATHENA.MIT.EDU (Bill Sommerfeld)
Sat Jun 29 19:48:31 1996
To: Ken Raeburn <raeburn@cygnus.com>
Cc: Sam Hartman <hartmans@MIT.EDU>, krbdev@MIT.EDU
In-Reply-To: Your message of "29 Jun 1996 17:55:05 -0400 ."
<tx1afxmz35y.fsf@cygnus.com>
Date: Sat, 29 Jun 1996 19:41:16 -0400
From: Bill Sommerfeld <sommerfeld@orchard.medford.ma.us>
-----BEGIN PGP SIGNED MESSAGE-----
I butted heads with this in our product a few months ago.
If you leave in the replay cache but take out the lookaside cache, the
KDC will error out if a client retransmits a request.
It's not at all clear to me why replay protection is needed in the KDC
at all; I suspect it was put there either to exercise the replay cache
code itself, or just for conservative engineering reasons ..
Who wrote that chunk of the code in the first place? Why don't we ask
them...
- Bill
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1
iQCVAwUBMdW/GbT+rHlVUGpxAQFxJgQAo+K/vp+z9mq8cZg4QsN8gI78am7F9ueO
+CS0U03OIMQiG0UjVj0NnBGIsimBPvmwr0fPAGeaXOhQyJYCRdiqGlSi/G0B2ia+
RU9HZpgjAMRjF7481NbWkXAMzW19Bwhf5GeDanwELOz9BQZg0k23vmgoCK8w138H
T67HA0tOPAo=
=TPHs
-----END PGP SIGNATURE-----
