Negative caching of unknown principals

Simo Sorce simo at
Sun Aug 3 13:04:59 EDT 2014

On Sat, 2014-08-02 at 17:03 -0400, Benjamin Kaduk wrote:
> On Sat, 2 Aug 2014, Simo Sorce wrote:
> > On Fri, 2014-08-01 at 16:46 -0500, Nico Williams wrote:
> >> IMO a negative cache belongs in the ccache, with some TTL, and with
> >> kvno(1) always (or optionally) ignoring NAKs.
> >
> > I agree you want to avoid all involved processes in a script to see
> > negative caches.
> I'm failing to parse this sentence.

uhmm I think there is a "to avoid" that doesn't belong here.
What I meant is that is you have a shell script you want all processes
that may be invoked by it to see the same negative cached elements, and
the only way to do it is by storing them in a file, the ccache.

> > And perhaps add a kdestroy switch that just remove negative entries ?
> > This would make it possible for admins to deal with bad negative entries
> > during administrative tasks without having to throw away the ccache
> > entirely.
> This makes it sound like if I stopped after "I agree" in the above 
> sentence, I would be on the right track.



Simo Sorce * Red Hat, Inc * New York

More information about the krbdev mailing list