[20348] in Kerberos_V5_Development
Race condition while setting password
daemon@ATHENA.MIT.EDU (Sushmita Bhattacharya)
Wed Feb 2 12:20:48 2022
From: Sushmita Bhattacharya <sushmita.bhattacharya@oracle.com>
To: "krbdev@mit.edu" <krbdev@mit.edu>
Date: Wed, 2 Feb 2022 13:12:28 +0000
Message-ID: <PH0PR10MB47900607BC8891D88BBBD8748B279@PH0PR10MB4790.namprd10.prod.outlook.com>
Content-Language: en-US
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Hi,
With regards to the following issue : https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 , any suggestions on whether using k5_sendto with NO_UDP as transport strategy, in change_set_password function, can be a valid workaround(in code) for a deployment which is hitting this issue and is not particularly specific about using UDP ?
- do not retry in libkrb5 at all
- ignore KRB5KRB_AP_ERR_REPEAT during krb5_set_password() and wait for other
replies from the server
- close the initial TCP connection if no data was send before trying to send
the request with UDP
- longer or configurable timeouts
Also, I understand that if the data was already sent on the TCP connection (but no reply was received), then option 3) from above is not helpful. Is my understanding correct ? That's the situation we are most likely facing, so in that case does option 1) above seem reasonable ?
Thanks,
Sushmita
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
