On 03/13/2013 12:30 AM, Rasanth Akali Kandoth wrote:
> Hi,
> When I enable delegation by setting the GSS_C_DELEG_FLAG,
> gss_init_sec_context sends TGS req every time I click on a link on the
> web page. Basically, for every request, the client sends a request for
> service ticket.
> Is this expected when you enable delegation? If not, how can I avoid this?

This is, unfortunately, a known bad interaction between Kerberos on the web and the way we implement ticket forwarding. We make a request to the KDC for a fresh TGT each time we forward Kerberos tickets, which is fine for use cases like ssh, but is very inefficient when you're doing negotiate auth with ticket forwarding on a whole bunch of HTTP requests.

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
