Hi Hudson,

Thanks for the quick response.

Regards,
Rasanth

On Wed, Mar 13, 2013 at 10:20 AM, Greg Hudson <[email protected]> wrote:

> On 03/13/2013 12:30 AM, Rasanth Akali Kandoth wrote:
> > Hi,
> >
> > When I enable delegation by setting the GSS_C_DELEG_FLAG,
> > gss_init_sec_context sends TGS req every time I click on a link on the
> > web page. Basically, for every request, the client sends a request for
> > service ticket.
> >
> > Is this expected when you enable delegation? If not, how can I avoid
> > this?
>
> This is, unfortunately, a known bad interaction between Kerberos on the
> web and the way we implement ticket forwarding. We make a request to
> the KDC for a fresh TGT each time we forward Kerberos tickets, which is
> fine for use cases like ssh, but is very inefficient when you're doing
> negotiate auth with ticket forwarding on a whole bunch of HTTP requests.
>

--
Regards,
Rasanth
