Opened 3 years ago

Last modified 3 years ago

#12 new enhancement

Handling of multiple KDCs (failover, failback, etc.)

Reported by: Lewis Rosenthal Owned by:
Priority: minor Milestone: Heimdal - 1.5.3
Component: general Version:
Keywords: Cc:

Description (last modified by Lewis Rosenthal)

Thought this might prove useful at some point in the future for this or a related project.

On 2017-10-20, Nico posted the following to the Kerberos github discussion, related to ticket #346:

I believe the correct next state when the KDC returns KDC_ERR_SVC_UNAVAILABLE is KRB5_SENDTO_TIMEOUT, at least for now, but it would either be better to move to the next KDC immediately, or sleep a bit. I don't see where this code ever sleeps... which is strange. Ah, I get it. On timeout we always go to the next KDC, which is why we don't need to sleep: we wait in select(), and we round-robin KDCs. Still, if all KDCs fail with KDC_ERR_SVC_UNAVAILABLE we ought to sleep a bit before retrying once we run out of KDCs.

Following up to that immediately, he wrote:

Actually, no, that's wrong, at line 284 we need to clear the response and continue.

Change History (1)

comment:1 Changed 3 years ago by Lewis Rosenthal

Description: modified (diff)
Note: See TracTickets for help on using tickets.