[krbdev.mit.edu #7358] SVN Commit
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Wed Sep 12 15:03:30 EDT 2012
Map CANTLOCK_DB to SVC_UNAVAILABLE in krb5kdc
The KDC should not return KRB5KRB_ERR_GENERIC (KRB_ERR_GENERIC) when the
KDB plugin returns KRB5_KDB_CANTLOCK_DB: it should return
KRB5KDC_ERR_SVC_UNAVAILABLE (KDC_ERR_SVC_UNAVAILABLE) instead. This
allows clients to immediately fallback onto other KDCs.
When we switch to using blocking locks in the db2 KDB backend we'll very
rarely hit this code path, perhaps only when racing against a kdb5_util load.
Other KDB backends might still return KRB5_KDB_CANTLOCK_DB often enough that
this change is desirable.
https://github.com/krb5/krb5/commit/9e182bcee06362de1dd0aa6a6bc71929c7543600
Author: Nicolas Williams <nico at cryptonector.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: 9e182bcee06362de1dd0aa6a6bc71929c7543600
Branch: master
src/kdc/do_as_req.c | 4 ++++
src/kdc/do_tgs_req.c | 4 ++++
2 files changed, 8 insertions(+), 0 deletions(-)
More information about the krb5-bugs
mailing list