Race condition while setting password
ghudson at mit.edu
Wed Feb 2 15:18:44 EST 2022
On 2/2/22 8:12 AM, Sushmita Bhattacharya wrote:
> With regards to the following issue : https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 , any suggestions on whether using k5_sendto with NO_UDP as transport strategy, in change_set_password function, can be a valid workaround(in code) for a deployment which is hitting this issue and is not particularly specific about using UDP ?
Yes, that is a simple change and should work fine for a deployment which
can handle kpasswd over TCP (as most should).
> But I am puzzled at your problem; is the problem that your client
> implementation doesn't prefer TCP?
In the latest reports of this problem, the client tries TCP, doesn't see
the response, then tries UDP after a second and receives the error, all
before the TCP layer manages to retransmit the response.
As outlined in the ticket, my plan is to try TCP only, and only after a
complete failure, try again with UDP only. But I haven't implemented
More information about the krbdev