New proposal (Re: Ticket 5338: Race conditions in key rotation)
Roland Dowdeswell
elric at imrryr.org
Thu Jun 26 11:26:09 EDT 2008
On 1214488324 seconds since the Beginning of the UNIX epoch
Ken Raeburn wrote:
>
>> Given that failing on UDP to a lack of a response takes a bit of
>> time, it would probably make sense to define an error which mandates
>> the immediate failover. That would require modifications to the
>> client-side libraries.
>
>KDC_ERR_SVC_UNAVAILABLE?
If this is a standards change, let me suggest that errors be encoded
in a way similar to SMTP with an explicit statement from the KDC
about whether the error be permanent or transient. That way, future
errors can be dealt with by legacy clients in a decent way.
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/
More information about the krbdev
mailing list