RT RT/krbdev.mit.edu: Ticket #7721 master_kdc is resolved sooner than necessary Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
7721
Status
open
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
Tags
Version_reported
Version_Fixed
Target_Version
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
  • 6782: (Nobody) Master KDC lookup can use SRV lookups despite profile KDC configuration [new]
Referred to by:
 
 Dates  
Created: Wed Oct 16 11:07:52 2013
Starts: Not set
Started: Not set
Last Contact: Not set
Due: Not set
Updated: Wed Oct 16 11:08:12 2013 by ghudson
 

 People  
Owner
 Nobody
Requestors
 ghudson@mit.edu
Cc
 
AdminCc
 
 

 More about Greg Hudson  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Wed Oct 16 11:07:52 2013  ghudson - Ticket created    
     
Subject: master_kdc is resolved sooner than necessary

When krb5_sendto_kdc gets a response, successful or not, it immediately
looks up the master_kdc value so it can set the value of *use_master.  If
the response is a failure, the caller may use the returned value of
*use_master to avoid resending to the master KDC if we happened to pick
it the first time around.

But in some common cases, the returned value of *use_master is not used.
It would be more efficient if we looked up the master KDC only after
determining that the response is a failure that we want to fall back
from.

Combined with #6782, this issue can cause a DNS lookup to be performed
for every request, even ones with successful replies, for a realm which
has krb5.conf configuration for "kdc" but not "master_kdc".


Download (untitled) 744b
      Wed Oct 16 11:08:12 2013  ghudson - Ticket 7721 RefersTo ticket 6782.