Lookaside mechanism in KDC -- shared between processes?

Rick van Rein rick at openfortress.nl
Thu Nov 10 11:04:04 EST 2016


For a project on the KDC code [1] I'm trying to understand how lookaside
processing in the KDC works, as implemented in kdc/replay.c --
specifically, how it reaches all the processes that run inside the KDC.

I found that the hash table is a static array, so it will be shared
among processes, but the entries are simply allocated with calloc() and
would therefore be specific to each process.  So how can process A
detect that dispatch.c is active for a given KDC-REQ packet if that
packet is being dispatched from process B?


[1]  I'm trying to insert a link to a backend that uses DNSSEC/DANE for
realm crossover; it wants to avoid replaying a request about an
already-sought remote realm.
