>>>>> "Nebergall," == Nebergall, Christopher <[EMAIL PROTECTED]> writes:
Nebergall,> If you hammer on a page with Internet Explorer it will
Nebergall,> send what MIT Kerberos considers replays of the
Nebergall,> gss-init-sec-context tokens. So in order to get
Nebergall,> around this you either need to always use SSL and
Nebergall,> disable the replay cache on the server (which, unless
Nebergall,> the API has changed in recent versions of MIT Kerberos,
Nebergall,> there is no API to do this), or it might also work to
Nebergall,> tweak MIT's replay cache to include sequence
Nebergall,> numbers. (MS seems to pick a random number for their
Nebergall,> initial sequence number, and these seem to change with
Nebergall,> each request.)
Disabling the replay cache for this protocol would be a bad idea from
a security standpoint.
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos