Jeffrey,

Without looking at our code, I cannot be sure of all of the cases where we use the KDC IP address (stored in cache). However, one case where I know it is used is when we report it to the user, when they use "klist -a". This allows the user to know which KDC (or KDCs) have a clock which is out of sync with the client clock. For cache type 1,2 and 3 we store the IP address of KDC in the ticket address field (e.g. the same place where IP addresses are stored in tickets if requested during AS-REQ/AS-REP exchange).

We cannot assume that the clocks on all KDCs for a particular domain are in sync. Just like we cannot assume that the client clock is in sync with the KDC.

Thanks,
Tim

-----Original Message-----
From: Jeffrey Hutzelman [mailto:[EMAIL PROTECTED]
Sent: 13 September 2006 18:12
To: Tim Alsop; Simon Josefsson
Cc: [email protected]; Jeffrey Hutzelman
Subject: RE: Credential cache file format documentation

On Wednesday, September 13, 2006 05:31:13 PM +0100 Tim Alsop <[EMAIL PROTECTED]> wrote:

> For cache type 1,2 and 3 we currently store deltatime info in a hidden
> ticket in the cache, and we also store the IP address of the KDC where
> the time offset came from. The deltatime header tag does not currently
> allow any way to store this IP address, so this is what we were thinking
> of adding, into a new tag.

What do you use that information for?

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
