Race condition while setting password
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Feb 2 14:23:42 EST 2022
>With regards to the following issue :
>https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 ,
>any suggestions on whether using k5_sendto with NO_UDP as transport
>strategy, in change_set_password function, can be a valid workaround(in
>code) for a deployment which is hitting this issue and is not particularly
>specific about using UDP ?
So, this problem was HUGE for us. It was finally resolved by switching
to TCP for password changes (we publish the password changing
server location in DNS, so it was as easy as publishing a new SRV
record).
But I am puzzled at your problem; is the problem that your client
implementation doesn't prefer TCP? Because at least for us, once
we told the clients that TCP was available that was tried first
and it basically always worked from that point forward.
--Ken
More information about the krbdev
mailing list