[krbdev.mit.edu #3334] libkrb5 treats all KDC errors as terminal
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Tue Jan 10 18:22:31 EST 2006
On Jan 10, 2006, at 16:06, lukeh at padl.com via RT wrote:
> If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that the
> client library will not failover to the next KDC. All error codes,
> except for KDC_ERR_RESPONSE_TOO_BIG, are treated as terminal.

Looks like this error code was quietly added from RFC 1510 -> RFC
4120 (somewhere between draft 03, 11/98, and draft 04, 6/99), without
any definition besides the not-very-helpful text "A service is not
available." There is no indication in the main text when this error
code might be returned. If it said "the KDC service is not
available", that might've been clearer, but "*a* service"?? What,
should we return this error if the local SMTP handler has been shut
down?

Also, the MIT code has no concept of "failing over to the next KDC".
If it gets a response back from any KDC, the loop querying the KDCs
terminates. RESPONSE_TOO_BIG is handled by starting the whole
process up again but looking only for TCP servers.

Handling this properly -- assuming failing over to the next KDC is in
fact the right response to this error code -- will probably involve
rewriting the query loop to add a callback to examine the returned
data and decide whether or how to continue the current query loop,
which servers to drop, etc. This would also be a better way of
handling RESPONSE_TOO_BIG, as well.

Ken
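
Added example, not part of the original message and not MIT krb5 code: a network-free model of the query loop discussed above, with a callback that examines each reply and decides whether to accept it, drop that host, or restart over TCP only. The struct, enum, function names and the sample replies are hypothetical; the numeric error codes are those assigned in RFC 4120.

```c
#include <stdio.h>
#include <stddef.h>

/* Error codes as numbered in RFC 4120. */
#define KDC_ERR_SVC_UNAVAILABLE  29
#define KRB_ERR_RESPONSE_TOO_BIG 52
enum transport { T_UDP, T_TCP };
enum verdict { V_ACCEPT, V_DROP_HOST, V_RESTART_TCP };

/* Constructed stand-in for a KDC endpoint and the reply it would send
 * (err 0 = success, -1 = no answer). host must be < 32. */
struct kdc { unsigned host; enum transport tr; int err; };
typedef enum verdict (*reply_cb)(const struct kdc *k); /* hypothetical */

/* Behaviour described in the ticket: any reply ends the loop, except
 * RESPONSE_TOO_BIG over UDP, which restarts it with TCP servers only. */
enum verdict terminal_policy(const struct kdc *k)
{
    return (k->err == KRB_ERR_RESPONSE_TOO_BIG && k->tr == T_UDP)
               ? V_RESTART_TCP : V_ACCEPT;
}

/* Assumed failover variant: SVC_UNAVAILABLE drops that host, moves on. */
enum verdict failover_policy(const struct kdc *k)
{
    return k->err == KDC_ERR_SVC_UNAVAILABLE ? V_DROP_HOST
                                             : terminal_policy(k);
}

/* Returns the index of the accepted reply, or -1 if every endpoint was
 * skipped or dropped; *err_out holds the last error code examined. */
int query_kdcs(const struct kdc *l, size_t n, reply_cb cb, int *err_out)
{
    unsigned dropped = 0;
    int tcp_only = 0;
    for (size_t i = 0; i < n; i++) {
        const struct kdc *k = &l[i];
        if (k->err < 0 || (dropped & (1u << k->host)) ||
            (tcp_only && k->tr != T_TCP))
            continue;
        *err_out = k->err;
        switch (cb(k)) {
        case V_ACCEPT:      return (int)i;
        case V_DROP_HOST:   dropped |= 1u << k->host; break;
        case V_RESTART_TCP: tcp_only = 1; i = (size_t)-1; break; /* i++ -> 0 */
        }
    }
    return -1;
}

/* Constructed sample: host 0 is unavailable, host 1 needs TCP. */
static const struct kdc sample[] = {
    {0, T_UDP, 29}, {0, T_TCP, 29}, {1, T_UDP, 52}, {1, T_TCP, 0} };
int main(void) { int e = -1; printf("accepted index %d\n",
    query_kdcs(sample, 4, failover_policy, &e)); return e; }
```

With `terminal_policy` the client stops at the first endpoint and surfaces error 29; with `failover_policy` it ends on host 1 over TCP with a successful reply.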