New proposal (Re: Ticket 5338: Race conditions in key rotation)

Roland Dowdeswell elric at
Thu Jun 26 14:48:14 EDT 2008

On 1214497083 seconds since the Beginning of the UNIX epoch
Ken Raeburn wrote:
>On Jun 26, 2008, at 11:26, Roland Dowdeswell wrote:
>> If this is a standards change, let me suggest that errors be encoded
>> in a way similar to SMTP with an explicit statement from the KDC
>> about whether the error be permanent or transient.  That way, future
>> errors can be dealt with by legacy clients in a decent way.
>No, it's in RFC 4120, though not well defined there.  I believe  
>Microsoft is already using it, and the current MIT client code should  
>treat it as an indication to try another KDC.  (And of course I expect  
>the Microsoft client code does so as well.)

Well, that does sound like a good response in the the case that
the KDC actually knows that there exists a different KDC that can
answer the request.

    Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/

More information about the krbdev mailing list