Ticket 5338: Race conditions in key rotation
Jeffrey Altman
jaltman at secure-endpoints.com
Wed Jun 25 15:49:28 EDT 2008
Jeffrey Hutzelman wrote:
> Now, this will still be a fixed-master system, so the kadmin service will
> have to be advertised with the master's real name and address. If the
> master goes down, then kadmin, password-changing, and other services that
> require modifying the database will be unavailable. However, most clients
> will not notice because their requests will be routed to another KDC.
Note that admin_server and master_kdc in MIT Kerberos are independent
concepts.
admin_server is the list of machines that provide administrative and
password change services.
master_kdc is the list of servers that are authoritative. They do not
have to be the same, and in a multi-master world it is possible that
either all or none of the KDCs could be in the master_kdc list.
> Until you introduce this change, which causes clients to try the
> advertised master for every KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN they get
> during aklog. Now, instead of logins happening as quickly as if there
> were no server down, they happen as slowly as if we didn't have the
> anycast pool to begin with.
This is not true. The delay when a server is down is the timeout
waiting for any response, not the time necessary to get
KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN and retry.