Race condition while setting password

Greg Hudson ghudson at mit.edu
Wed Feb 2 15:18:44 EST 2022

On 2/2/22 8:12 AM, Sushmita Bhattacharya wrote:
> Hi,
>    With regards to the following issue : https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 , any suggestions on whether using k5_sendto with NO_UDP as transport strategy, in change_set_password function, can be a valid workaround(in code) for a deployment which is hitting this issue and is not particularly specific about using UDP ?

Yes, that is a simple change and should work fine for a deployment which
can handle kpasswd over TCP (as most should).

Ken wrote:
> But I am puzzled at your problem; is the problem that your client
> implementation doesn't prefer TCP?

In the latest reports of this problem, the client tries TCP, doesn't see
the response, then tries UDP after a second and receives the error, all
before the TCP layer manages to retransmit the response.

As outlined in the ticket, my plan is to try TCP only, and only after a
complete failure, try again with UDP only.  But I haven't implemented
that yet.

More information about the krbdev mailing list