On Thu, Sep 27, 2012 at 10:38 AM, Nico Williams <[email protected]> wrote: >> The above incident is a single misbehaving client suddenly doing about >> 600 requests / minute for around 30 minutes. During this window no one >> else could get a KDC response before the client timed out. > > The client is not misbehaving. The KDC is. The problem is on the KDC side.
I should add that this is the reason that you can't do anything with packet filters about this. The problem is not the client. *Any* client hitting the KDC just at the wrong time during a kprop will result in this problem. Nico -- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
