On Tue, Sep 25, 2012 at 2:08 PM, Russ Allbery <[email protected]> wrote:
> We were quite concerned when we first looked at putting Kerberos KDCs
> behind a hardware firewall because of that session limit. Our firewalls
> have a 100,000 UDP session limit and a fairly quick timeout.

Ideally you just disable the concept of a UDP "session" altogether. For Kerberos traffic I can't imagine a benefit to maintaining sessions unless you need address translation.

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
