Off-Topic, was: SASL/GSSAPI bind in LDAP plugin?
Henry B. Hotz
hotz at jpl.nasa.gov
Fri Feb 17 17:53:51 EST 2006
On Feb 17, 2006, at 2:07 PM, Andrew Bartlett wrote:
> The 'bug' is that when Heimdal's LDAP server goes away, things fail
> into
> an 'authoritative user not found' state. That is, I have a KDC
> assuring
> the rest of the network that it knows the user doesn't exist.
>
> I looked at fixing it, and found that in that codebase,
> communicating an
> error that would make the client try again (hopefully to a KDC with a
> working backend) was really hard. I just tried to fix the issue that
> was causing my (local) LDAP server to crash.
I've gotten into that situation from a completely different cause.
(Bug in DB access locking code.) Having the KDC authoritatively say
something wrong is, er, wrong.
Is there a Kerberos error that could be returned that would cause
clients to try a different KDC? (Other than simply not responding at
all that is.)
------------------------------------------------------------------------
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
More information about the krbdev
mailing list