New proposal (Re: Ticket 5338: Race conditions in key rotation)
Ken Raeburn
raeburn at MIT.EDU
Thu Jun 26 12:18:03 EDT 2008
On Jun 26, 2008, at 11:26, Roland Dowdeswell wrote:
>> KDC_ERR_SVC_UNAVAILABLE?
>
> If this is a standards change, let me suggest that errors be encoded
> in a way similar to SMTP with an explicit statement from the KDC
> about whether the error be permanent or transient. That way, future
> errors can be dealt with by legacy clients in a decent way.
No, it's in RFC 4120, though not well defined there. I believe
Microsoft is already using it, and the current MIT client code should
treat it as an indication to try another KDC. (And of course I expect
the Microsoft client code does so as well.)