Ticket 5338: Race conditions in key rotation
Nicolas Williams
Nicolas.Williams at sun.com
Mon Jun 23 18:00:35 EDT 2008
On Mon, Jun 23, 2008 at 04:09:56PM -0400, Jeffrey Altman wrote:
> I am going to write a patch to introduce fail over to the master
> for all tgs requests. I will add it to ticket 5338 and it can
> then be evaluated for inclusion.
Note: failover needs to not happen if a master is not defined...
I know, it seems obvious...
But also, it may be a good idea to make it optional, or to make failover
be more of a "try another KDC" option.
The client's behaviour shouldn't prevent/complicate the possibility of
having kadmind instances running on all the KDCs nor multi-master
replication.
More information about the krbdev
mailing list