issue with MIT KDC and LDAP DS

Sam Hartman hartmans at MIT.EDU
Mon May 25 10:09:26 EDT 2009


I think this sounds like a good idea.
I'd like to specifically call for a project write-up though, covering

1) background vs per connection
2) error return vs dropping requests

3) How we rate limit attempts to connect to the LDAP server

4) How we turn likely configuration failures such as LDAP is up but we
cannot authenticate into hard initial failures while preserving this
behavior for LDAP is down.

My personal vote on the error vs hard fail is to go with svc_unavail.


