0 Replies Latest reply on Mar 4, 2013 5:20 AM by 994528

    Disabling Replay Cache in Kerberos JGSS

      I want to disable the replay cache during context establishment in Kerberos (JGSS) to avoid the "Request is a replay (34)" exception. JGSS provides the method requestReplayDet() to be called on the initiator side, but this works only to detect replay of tokens passed after context establishment. context.requestReplayDet(false) doesn't prevent the replay exception during context establishment.

      I am using a separate context for each thread. For replay detection, JGSS just checks if multiple context establishment requests from a client have the same timestamp in the authenticator. With several threads using the same client principal, it may happen that the replay attack detected is a false positive.

      MIT Kerberos provides a way to disable the replay cache by setting KRB5RCACHENAME=none in the environment variables. In JGSS, there is no such thing.
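
The replay check described in the post, modelled as an added example (not part of the original post, and not the JDK's implementation): an acceptor-side cache keyed on the authenticator fields RFC 4120 lists for replay caches (server name, client name, time, microseconds). The class name, principal names and timestamps are constructed for illustration; the record syntax needs Java 16 or later.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Simplified model of an acceptor-side Kerberos replay cache. */
public class ReplayCacheModel {
    // Authenticator fields a replay cache remembers (RFC 4120, section 3.2.3).
    record AuthKey(String client, String server, long ctimeSec, int cusec) {}

    private final Map<AuthKey, Long> seen = new ConcurrentHashMap<>();
    private final long skewSec;

    ReplayCacheModel(long skewSec) {
        this.skewSec = skewSec;
    }

    /** Returns true if accepted, false if treated as "Request is a replay (34)". */
    boolean accept(AuthKey key, long nowSec) {
        // Entries older than the clock-skew window can be dropped:
        // an authenticator that old fails the skew check before the cache is consulted.
        seen.values().removeIf(firstSeen -> nowSec - firstSeen > skewSec);
        // putIfAbsent is atomic, so of two concurrent identical keys only one wins.
        return seen.putIfAbsent(key, nowSec) == null;
    }

    public static void main(String[] args) {
        ReplayCacheModel cache = new ReplayCacheModel(300); // 5-minute skew window
        long now = 1362374400L;                             // constructed sample time
        String client = "client@EXAMPLE.COM";               // constructed principals
        String server = "host/server.example.com@EXAMPLE.COM";

        // Two threads with separate contexts but the same client principal.
        // A millisecond-resolution clock gives both the same ctime and cusec.
        AuthKey thread1 = new AuthKey(client, server, now, 123000);
        AuthKey thread2 = new AuthKey(client, server, now, 123000);
        System.out.println("thread 1 accepted: " + cache.accept(thread1, now));
        System.out.println("thread 2 accepted: " + cache.accept(thread2, now));

        // Same second, different microsecond value: a distinct cache key.
        AuthKey thread3 = new AuthKey(client, server, now, 123001);
        System.out.println("thread 3 accepted: " + cache.accept(thread3, now));

        // A genuine replay of thread 1's authenticator one minute later is still caught.
        System.out.println("replay accepted:   " + cache.accept(thread1, now + 60));
    }
}
```

In this model, thread 2's legitimate request is indistinguishable from a replay because its key equals thread 1's, while thread 3 passes and the later replay is still rejected with the cache left enabled.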