Race condition while setting password

Ken Hornstein kenh at cmf.nrl.navy.mil
Wed Feb 2 14:23:42 EST 2022

>With regards to the following issue :
>https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 ,
>any suggestions on whether using k5_sendto with NO_UDP as transport
>strategy, in change_set_password function, can be a valid workaround(in
>code) for a deployment which is hitting this issue and is not particularly
>specific about using UDP ?

So, this problem was HUGE for us.  It was finally resolved by switching
to TCP for password changes (we publish the password changing
server location in DNS, so it was as easy as publishing a new SRV

But I am puzzled at your problem; is the problem that your client
implementation doesn't prefer TCP?  Because at least for us, once
we told the clients that TCP was available that was tried first
and it basically always worked from that point forward.


More information about the krbdev mailing list