Ticket 5338: Race conditions in key rotation

Nicolas Williams Nicolas.Williams at sun.com
Mon Jun 23 18:03:31 EDT 2008

On Thu, Jun 19, 2008 at 01:59:45AM -0400, Roland Dowdeswell wrote:
> Failing over to the master on failures is an easy and seamless way
> to provide a consistent view of a completely up to date Kerberos
> database at any time when the master is reachable.  This is not
> merely an issue of solving a race here or there.  It is about
> designing a system which with as little state as possible can
> present a view to its client libraries that allows changes to be
> effective immediately [almost all the time] without having the
> master KDC have to block changes until each of the slaves has
> accepted it.
> There is one case in which this is currently done.  Password changes.
> It works.
> I proposed this in RT 5338 to solve the TGS key rotation race.  It
> does this simply.

It would help too if krb5kdc were multi-threaded, otherwise clients can
time out if too many hit the master at once, and meanwhile the master is
not maxing either its CPU nor its I/O.


More information about the krbdev mailing list