Opened 7 years ago
Last modified 7 years ago
#12 new enhancement
Handling of multiple KDCs (failover, failback, etc.)
| Reported by: | Lewis Rosenthal | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | Heimdal - 1.5.3 |
| Component: | general | Version: | |
| Keywords: | Cc: |
Description (last modified by )
Thought this might prove useful at some point in the future for this or a related project.
On 2017-10-20, Nico posted the following to the Kerberos github discussion, related to ticket #346:
I believe the correct next state when the KDC returns KDC_ERR_SVC_UNAVAILABLE is KRB5_SENDTO_TIMEOUT, at least for now, but it would either be better to move to the next KDC immediately, or sleep a bit. I don't see where this code ever sleeps... which is strange. Ah, I get it. On timeout we always go to the next KDC, which is why we don't need to sleep: we wait in select(), and we round-robin KDCs. Still, if all KDCs fail with KDC_ERR_SVC_UNAVAILABLE we ought to sleep a bit before retrying once we run out of KDCs.
Following up to that immediately, he wrote:
Actually, no, that's wrong, at line 284 we need to clear the response and continue.
