Negative caching of unknown principals
Simo Sorce
simo at redhat.com
Sat Aug 2 08:01:26 EDT 2014
On Fri, 2014-08-01 at 16:46 -0500, Nico Williams wrote:
> IMO a negative cache belongs in the ccache, with some TTL, and with
> kvno(1) always (or optionally) ignoring NAKs.
I agree you want to avoid all involved processes in a script to see
negative caches.
And perhaps add a kdestroy switch that just remove negative entries ?
This would make it possible for admins to deal with bad negative entries
during administrative tasks without having to throw away the ccache
entirely.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the krbdev
mailing list