n“Time”
is very important in Kerberos
nAll
participants in the realm need accurate clocks
nTimestamps
are used in authenticators to detect replay; if a host can be fooled about the
current time, old authenticators could be replayed
nTickets
tend to have lifetimes on the order of hours, and replays are possible during
the lifetime
of the ticket