Security impact of removing timestamp check in rd_rep()

Luke Howard lukeh at padl.com
Mon May 16 04:10:50 GMT 2005


>I think the sequence number is used for this.  It appears from the way
>Microsoft implements their server, that they don't check the timestamps.
>
>Now to figure out how to tell the krb5 layer that this is a DCE_STYLE
>third leg...

The acceptor should be able to tell from the flags in the 0x8003 checksum.

-- Luke
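
An added example, not part of the original post and not Samba or krb5 code: one way an acceptor could read the flags word out of the 0x8003 authenticator checksum (layout per RFC 4121 section 4.1.1) and test for DCE_STYLE. The function names are hypothetical, the sample bytes are constructed, and the GSS_C_DCE_STYLE value 0x1000 is the one listed in RFC 4757.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* GSS_C_DCE_STYLE as listed in RFC 4757; the other context flags
 * (mutual, replay, sequence, ...) occupy the low bits of the same word. */
#define GSS_C_DCE_STYLE    0x1000u
#define CKSUM_8003_MIN_LEN 24u   /* Lgth(4) + Bnd(16) + Flags(4) */

/* All integer fields in the 0x8003 checksum are little-endian. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical helper: extract the flags word from the checksum body.
 * Returns 0 on success, -1 if the buffer is too short or malformed. */
int cksum_8003_flags(const uint8_t *buf, size_t len, uint32_t *flags)
{
    if (buf == NULL || flags == NULL || len < CKSUM_8003_MIN_LEN)
        return -1;
    if (le32(buf) != 16)          /* Lgth: length of the Bnd field */
        return -1;
    *flags = le32(buf + 20);      /* Flags follow Lgth(4) + Bnd(16) */
    return 0;
}

/* Returns 1 if the initiator asked for DCE_STYLE, 0 if not, -1 if malformed. */
int cksum_8003_is_dce_style(const uint8_t *buf, size_t len)
{
    uint32_t flags;
    if (cksum_8003_flags(buf, len, &flags) != 0)
        return -1;
    return (flags & GSS_C_DCE_STYLE) ? 1 : 0;
}

/* Constructed sample: zero channel bindings, flags = 0x0000100e
 * (DCE_STYLE | sequence | replay | mutual). */
static const uint8_t sample_dce[24] = {
    0x10, 0, 0, 0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
    0x0e, 0x10, 0, 0
};

int main(void)
{
    printf("dce_style=%d\n", cksum_8003_is_dce_style(sample_dce, sizeof sample_dce));
    return 0;
}
```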
