New proposal (Re: Ticket 5338: Race conditions in key rotation)
Roland Dowdeswell
elric at imrryr.org
Thu Jun 26 14:48:14 EDT 2008
On 1214497083 seconds since the Beginning of the UNIX epoch
Ken Raeburn wrote:
>
>On Jun 26, 2008, at 11:26, Roland Dowdeswell wrote:
>>> KDC_ERR_SVC_UNAVAILABLE?
>>
>> If this is a standards change, let me suggest that errors be encoded
>> in a way similar to SMTP with an explicit statement from the KDC
>> about whether the error be permanent or transient. That way, future
>> errors can be dealt with by legacy clients in a decent way.
>
>No, it's in RFC 4120, though not well defined there. I believe
>Microsoft is already using it, and the current MIT client code should
>treat it as an indication to try another KDC. (And of course I expect
>the Microsoft client code does so as well.)
Well, that does sound like a good response in the case that
the KDC actually knows that there exists a different KDC that can
answer the request.
--
Roland Dowdeswell http://www.Imrryr.ORG/~elric/