Some one mentioned about an issue with clustering and usage of Kerberos tickets. When a cluster node fails over to a new machine, a request coming in with a username and a kerberos ticket goes through the jaas framework and the GSS-API throws an error saying that the request is a replay attack. The idea is that once a Kerberos setup has been performed with a service using the GSS api, the security cache needs to be the point of contact for the username. Your thoughts/feedback? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4041084#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...