Logic behind lib/krb5/os/k5_sendto()

Greg Hudson ghudson at mit.edu
Thu Apr 18 15:02:55 EDT 2019


On 4/18/19 2:25 PM, Дилян Палаузов wrote:
> Does this mean, that the TCP connection is also retried more than once?  You wrote, that there is a single try to open a
> TCP connection.

Only a single non-blocking TCP socket is opened per KDC, but that socket
remains open for the whole duration, and the kernel will retry the TCP
connection on its own schedule.

> But I think resending the queries in this case to krb5kdc makes things worse, because the krb5kdc will have to deal then
> with even more (repeated) queries, and this slows everything down, when it is already slow, compared to a case, where
> queries are not retried.

Possibly, but the client has no way to distinguish between a UDP packet
getting lost and the KDC being slow to respond.

The KDC does have a lookaside cache which records the responses to
recent requests, so a retransmitted request should be processed with
less effort than processing the original request.
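
Added example, not part of the original message and not MIT krb5 code: a minimal C sketch of a lookaside cache of the kind described above, where a byte-identical retransmitted request is answered from a stored reply instead of being processed again. The table size, lifetime, message limit, and the names handle(), process() and slot_of() are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

#define SLOTS 64     /* assumed table size */
#define MAXMSG 256   /* assumed message size limit for this sketch */
#define TTL 120      /* assumed entry lifetime in seconds */

struct entry {
    int used;
    time_t when;
    size_t reqlen, replen;
    unsigned char req[MAXMSG], rep[MAXMSG];
};
static struct entry table[SLOTS];
static int full_processed;   /* requests that took the expensive path */

/* FNV-1a picks the slot only; a hit always requires a full byte compare,
 * so a hash collision can never hand one client another request's reply. */
static unsigned slot_of(const unsigned char *p, size_t n) {
    unsigned h = 2166136261u;
    while (n--) { h ^= *p++; h *= 16777619u; }
    return h % SLOTS;
}
/* Hypothetical stand-in for real request processing: reverse the bytes. */
static size_t process(const unsigned char *req, size_t n, unsigned char *rep) {
    full_processed++;
    for (size_t i = 0; i < n; i++) rep[i] = req[n - 1 - i];
    return n;
}
/* Handle one request; returns the reply length, or 0 if it is rejected. */
size_t handle(const unsigned char *req, size_t n, time_t now, unsigned char *rep) {
    if (n == 0 || n > MAXMSG) return 0;
    struct entry *e = &table[slot_of(req, n)];
    if (e->used && now - e->when <= TTL && e->reqlen == n &&
        memcmp(e->req, req, n) == 0) {
        memcpy(rep, e->rep, e->replen);   /* retransmission: replay stored reply */
        return e->replen;
    }
    size_t m = process(req, n, rep);      /* first sighting, or entry expired */
    e->used = 1; e->when = now; e->reqlen = n; e->replen = m;
    memcpy(e->req, req, n);
    memcpy(e->rep, rep, m);
    return m;
}
int main(void) {
    unsigned char rep[MAXMSG];
    const unsigned char q[] = "constructed-request-bytes";  /* constructed sample */
    handle(q, sizeof q, 1000, rep);   /* original request */
    handle(q, sizeof q, 1001, rep);   /* client retransmit after its timeout */
    printf("full processing runs: %d\n", full_processed);
    return 0;
}
```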


