[krbdev.mit.edu #8579] duplicate caching of some cross-realm TGTs

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

[krbdev.mit.edu #8579] duplicate caching of some cross-realm TGTs

Greg Hudson via RT
For client-driven cross-realm scenarios, I believe we should cache the
TGTs we ask for, but not alternate TGTs.  If we cache alternate TGTs, we
could have the same kind of scenario where we repeatedly cache an
alternate TGT because the overall TGS operation fails.

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
Reply | Threaded
Open this post in threaded view
|

Re: [krbdev.mit.edu #8579] duplicate caching of some cross-realm TGTs

Greg Hudson via RT
>>>>> "Greg" == Greg Hudson via RT <[hidden email]> writes:

    Greg> For client-driven cross-realm scenarios, I believe we should
    Greg> cache the TGTs we ask for, but not alternate TGTs.  If we
    Greg> cache alternate TGTs, we could have the same kind of scenario
    Greg> where we repeatedly cache an alternate TGT because the overall
    Greg> TGS operation fails.

Agreed.

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs