We have a problem with false positives in Kerberos replay detection. It happens more often than we would expect. Our KDC is Active Directory. I have come to suspect that the timestamps in the authenticators effectively have less than the microsecond granularity as specified in RFC 4120. For example, it could be that the tick of the system clock is less than a microsecond.
Can anyone confirm or refute my suspicion?
Karsten Spang
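The mechanism suspected in the question, as an added example that is not part of the original post: a replay cache keyed on client name, server name, ctime and cusec (the tuple RFC 4120 has the server compare), fed with authenticators from a client whose clock only advances every `tick_us` microseconds. The 15,625 µs tick, the principal names and the request times are constructed assumptions, not measurements from Active Directory.

```python
import random

def quantize(t_us, tick_us):
    """Clock reading for true time t_us when the clock only advances every tick_us."""
    q = (t_us // tick_us) * tick_us
    return divmod(q, 1_000_000)  # (ctime in seconds, cusec)

def false_replays(arrivals_us, tick_us,
                  client="alice@EXAMPLE.COM",        # hypothetical principal
                  server="HTTP/app.example.com"):    # hypothetical service
    """Count distinct, legitimate requests that the replay cache would reject."""
    seen = set()
    rejected = 0
    for t in arrivals_us:
        ctime, cusec = quantize(t, tick_us)
        key = (client, server, ctime, cusec)
        if key in seen:
            rejected += 1   # server would answer KRB_AP_ERR_REPEAT
        else:
            seen.add(key)
    return rejected

def burst(n, rate_per_sec, seed=1):
    """Constructed workload: n requests with exponential gaps, in integer microseconds."""
    rng = random.Random(seed)
    t, out = 0.0, []
    for _ in range(n):
        t += rng.expovariate(rate_per_sec) * 1_000_000
        out.append(int(t))
    return out

if __name__ == "__main__":
    requests = burst(n=200, rate_per_sec=200)
    for tick in (1, 1_000, 15_625):   # 15,625 us = 1/64 s, an assumed coarse tick
        print(f"tick={tick:>6} us  false replays={false_replays(requests, tick)}"
              f" of {len(requests)}")
```

Every rejection counted here is a fresh authenticator from the same client to the same service, so the false-positive rate depends only on how many requests fall inside one clock tick.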