Race condition while setting password

Sushmita Bhattacharya sushmita.bhattacharya at oracle.com
Wed Feb 2 08:12:28 EST 2022

   With regards to the following issue : https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 , any suggestions on whether using k5_sendto with NO_UDP as transport strategy, in change_set_password function, can be a valid workaround(in code) for a deployment which is hitting this issue and is not particularly specific about using UDP ?

- do not retry in libkrb5 at all
- ignore KRB5KRB_AP_ERR_REPEAT during krb5_set_password() and wait for other
replies from the server
- close the initial TCP connection if no data was send before trying to send
the request with UDP
- longer or configurable timeouts

Also, I understand that if the data was already sent on the TCP connection (but no reply was received), then option 3) from above is not helpful. Is my understanding correct ? That's the situation we are most likely facing, so in that case does option 1) above seem reasonable ?


More information about the krbdev mailing list