[20349] in Kerberos_V5_Development
Re: Race condition while setting password
daemon@ATHENA.MIT.EDU (Ken Hornstein via krbdev)
Wed Feb 2 14:25:24 2022
Message-ID: <202202021923.212JNhE2013443@hedwig.cmf.nrl.navy.mil>
To: Sushmita Bhattacharya <sushmita.bhattacharya@oracle.com>
cc: "krbdev@mit.edu" <krbdev@mit.edu>
In-Reply-To: <PH0PR10MB47900607BC8891D88BBBD8748B279@PH0PR10MB4790.namprd10.prod.outlook.com>
MIME-Version: 1.0
Date: Wed, 02 Feb 2022 14:23:42 -0500
From: Ken Hornstein via krbdev <krbdev@mit.edu>
Reply-To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
>With regards to the following issue :
>https://krbdev.mit.edu/rt/Ticket/Display.html?id=9037 ,
>any suggestions on whether using k5_sendto with NO_UDP as transport
>strategy, in change_set_password function, can be a valid workaround(in
>code) for a deployment which is hitting this issue and is not particularly
>specific about using UDP ?
So, this problem was HUGE for us. It was finally resolved by switching
to TCP for password changes (we publish the password changing
server location in DNS, so it was as easy as publishing a new SRV
record).
But I am puzzled at your problem; is the problem that your client
implementation doesn't prefer TCP? Because at least for us, once
we told the clients that TCP was available that was tried first
and it basically always worked from that point forward.
--Ken
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
