[krbdev.mit.edu #7721] git commit

Greg Hudson via RT rt at krbdev.mit.edu
Sun Jul 16 19:00:07 EDT 2023


<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=7721 >


Defer primary KDC lookups

Add an internal variant of krb5_sendto_kdc() which records the
answering KDC in a list.  Callers can check the list for replica KDC
use after the success or failure of the KDC exchange is determined,
avoiding DNS queries for the primary KDCs in many common cases and
using fewer DNS queries in other cases.

Perform the fallback in k5_get_init_creds() rather than
krb5_get_init_creds_password().  For now we must additionally perform
the fallback in krb5_get_init_creds_keytab() as it does not use
k5_get_init_creds().

Preserve the current signature of krb5_sendto_kdc() (it is used within
the tree outside of libkrb5, and might be used by other software
despite being non-public), but remove the behavior of setting
*use_primary.

https://github.com/krb5/krb5/commit/fabbf11f457a84904a5fa251584fd660a52fa583
Author: Greg Hudson <ghudson at mit.edu>
Commit: fabbf11f457a84904a5fa251584fd660a52fa583
Branch: master
 src/include/k5-trace.h            |   6 +-
 src/lib/krb5/krb/gc_via_tkt.c     |  12 +--
 src/lib/krb5/krb/get_creds.c      |  11 ++-
 src/lib/krb5/krb/get_etype_info.c |  14 ++--
 src/lib/krb5/krb/get_in_tkt.c     |  87 ++++++++++++++++------
 src/lib/krb5/krb/gic_keytab.c     |  23 +++---
 src/lib/krb5/krb/gic_pwd.c        |  73 +++---------------
 src/lib/krb5/krb/in_tkt_sky.c     |   4 +-
 src/lib/krb5/krb/int-proto.h      |   8 +-
 src/lib/krb5/os/locate_kdc.c      | 152 +++++++++++++++++++++++++++++++++++---
 src/lib/krb5/os/os-proto.h        |  24 +++++-
 src/lib/krb5/os/sendto_kdc.c      |  46 ++++++------
 src/tests/Makefile.in             |   1 +
 src/tests/t_sendto_kdc.py         |  28 +++++++
 14 files changed, 329 insertions(+), 160 deletions(-)
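
The deferral described in the commit message above, modelled as an added example; this is not code from the krb5 tree. All function names, host names and the lookup counter are hypothetical, and the model assumes that a successful exchange needs no primary check at all.

```c
#include <stdio.h>
#include <string.h>

/* Constructed realm: one primary KDC (hypothetical host names throughout). */
static const char *primaries[] = { "kdc-primary.example.test" };
static int primary_lookups;     /* stands in for DNS queries for primaries */

/* Simulated primary discovery; every call costs one lookup. */
int is_primary(const char *host)
{
    primary_lookups++;
    for (size_t i = 0; i < sizeof(primaries) / sizeof(primaries[0]); i++)
        if (strcmp(primaries[i], host) == 0)
            return 1;
    return 0;
}

/* Eager model: classify the answering KDC as soon as it replies. */
int eager_needs_fallback(const char *answering, int ok)
{
    int from_primary = is_primary(answering);
    return !ok && !from_primary;
}

/* Deferred model: during the exchange, only record who answered. */
struct kdclist { const char *hosts[8]; size_t n; };
void record_answer(struct kdclist *l, const char *host)
{
    if (l->n < sizeof(l->hosts) / sizeof(l->hosts[0]))
        l->hosts[l->n++] = host;
}

/* Consult the list only once the outcome of the exchange is known. */
int deferred_needs_fallback(const struct kdclist *l, int ok)
{
    if (ok) return 0;           /* assumption: success needs no check */
    for (size_t i = 0; i < l->n; i++)
        if (!is_primary(l->hosts[i]))
            return 1;           /* a replica answered: retry on a primary */
    return 0;
}

int main(void)
{
    struct kdclist l = { {0}, 0 };
    record_answer(&l, "kdc-replica1.example.test");
    printf("fallback=%d lookups=%d\n", deferred_needs_fallback(&l, 1), primary_lookups);
    return 0;
}
```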
