New proposal (Re: Ticket 5338: Race conditions in key rotation)

Ken Raeburn raeburn at MIT.EDU
Thu Jun 26 12:18:03 EDT 2008

On Jun 26, 2008, at 11:26, Roland Dowdeswell wrote:
> If this is a standards change, let me suggest that errors be encoded
> in a way similar to SMTP with an explicit statement from the KDC
> about whether the error be permanent or transient.  That way, future
> errors can be dealt with by legacy clients in a decent way.

No, it's in RFC 4120, though not well defined there.  I believe  
Microsoft is already using it, and the current MIT client code should  
treat it as an indication to try another KDC.  (And of course I expect  
the Microsoft client code does so as well.)

More information about the krbdev mailing list