Random failure while communicating with KDC

subrahmanya sum.sagar at gmail.com
Mon Feb 24 10:42:00 EST 2014


Hi

We are randomly facing an issue while authenticating with the KDC. The KDC
is hosted on one machine.

I enabled logging in the MIT code and also added some more tracing. I observed
that EINVAL is printed as the value of 'e'. Looking at the other log messages,
it seems that in the failure scenario the code path mentioned in RED below is
being executed.

service_tcp_fd(krb5_context context, struct conn_state *conn,
               struct select_state *selstate, int ssflags)
{
    int e = 0;
    ssize_t nwritten, nread;

    if (!(ssflags & (SSF_READ|SSF_WRITE|SSF_EXCEPTION)))
        abort();
    switch (conn->state) {
        SOCKET_WRITEV_TEMP tmp;

    case CONNECTING:
        if (ssflags & SSF_READ) {
            /* Bad -- the KDC shouldn't be sending to us first.  */
            e = EINVAL /* ?? */;
        kill_conn:
            TRACE_SENDTO_KDC_TCP_DISCONNECT(context, conn);
            kill_conn(conn, selstate, e);
            if (e == EINVAL) {
                closesocket(conn->fd);
                conn->fd = INVALID_SOCKET;
            }
            return e == 0;
        }

As per the comment in the above code, while in the "CONNECTING" state the
SSF_READ flag should never get set (which means select should never return
that the socket is ready for READ?). But in our case it seems we are finding
the flag being set to SSF_READ. Does anyone know what could be the reason for
this issue? How could I get it working?

Thanks
Subrahmanya
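
Added example, not part of the original post and not MIT krb5 code: one condition under which select() marks a socket readable while a non-blocking connect() is still pending is a failed connect (here a refused one), and SO_ERROR then returns the real cause. The names probe_refused_connect, closed_port and struct probe are hypothetical, the loopback target is constructed, and the post does not establish whether this is what happened in the reported failure.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

struct probe { int pending, readable, writable, err; };

/* Reserve a loopback port, then close it so nothing listens there (constructed target). */
static struct sockaddr_in closed_port(void)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int s = socket(AF_INET, SOCK_STREAM, 0);
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    bind(s, (struct sockaddr *)&sa, sizeof(sa));    /* port 0: kernel picks one */
    getsockname(s, (struct sockaddr *)&sa, &len);
    close(s);
    return sa;
}

/* Non-blocking connect to the closed port, then report what select() says. */
struct probe probe_refused_connect(void)
{
    struct probe p = {0, 0, 0, 0};
    struct sockaddr_in sa = closed_port();
    struct timeval tv = {2, 0};                     /* never wait forever */
    socklen_t elen = sizeof(p.err);
    fd_set rfds, wfds;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK);
    if (connect(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 && errno != EINPROGRESS) {
        p.err = errno;                              /* failed synchronously */
    } else {
        p.pending = 1;                              /* analogous to CONNECTING */
        FD_ZERO(&rfds); FD_SET(fd, &rfds);
        FD_ZERO(&wfds); FD_SET(fd, &wfds);
        select(fd + 1, &rfds, &wfds, NULL, &tv);
        p.readable = FD_ISSET(fd, &rfds) != 0;      /* set although no data was sent */
        p.writable = FD_ISSET(fd, &wfds) != 0;
        getsockopt(fd, SOL_SOCKET, SO_ERROR, &p.err, &elen);  /* the real cause */
    }
    close(fd);
    return p;
}
```

Logging the SO_ERROR value next to the trace line in the CONNECTING branch would show whether a given failure is a connect error or data actually arriving from the peer.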

