Ticket 5338: Race conditions in key rotation
Nicolas.Williams at sun.com
Mon Jun 23 18:03:31 EDT 2008
On Thu, Jun 19, 2008 at 01:59:45AM -0400, Roland Dowdeswell wrote:
> Failing over to the master on failures is an easy and seamless way
> to provide a consistent view of a completely up to date Kerberos
> database at any time when the master is reachable. This is not
> merely an issue of solving a race here or there. It is about
> designing a system which with as little state as possible can
> present a view to its client libraries that allows changes to be
> effective immediately [almost all the time] without having the
> master KDC have to block changes until each of the slaves has
> accepted it.
> There is one case in which this is currently done. Password changes.
> It works.
> I proposed this in RT 5338 to solve the TGS key rotation race. It
> does this simply.
It would help too if krb5kdc were multi-threaded; otherwise clients can
time out if too many hit the master at once, and meanwhile the master is
not maxing either its CPU or its I/O.