Negative caching of unknown principals
Benjamin Kaduk
kaduk at MIT.EDU
Sat Aug 2 17:03:17 EDT 2014
On Sat, 2 Aug 2014, Simo Sorce wrote:
> On Fri, 2014-08-01 at 16:46 -0500, Nico Williams wrote:
>> IMO a negative cache belongs in the ccache, with some TTL, and with
>> kvno(1) always (or optionally) ignoring NAKs.
>
> I agree you want to avoid all involved processes in a script to see
> negative caches.
I'm failing to parse this sentence.
> And perhaps add a kdestroy switch that just remove negative entries ?
> This would make it possible for admins to deal with bad negative entries
> during administrative tasks without having to throw away the ccache
> entirely.
This makes it sound like if I stopped after "I agree" in the above
sentence, I would be on the right track.
-Ben
More information about the krbdev
mailing list