Received: from relay12.bu.edu (relay12.bu.edu [128.197.27.63]) by krbdev.mit.edu (8.12.9) with ESMTP id m5J8fxHW025282; Thu, 19 Jun 2008 04:41:59 -0400 (EDT)
X-Envelope-From: nik@bu.edu
X-Bu-Auth: it3-dhcp063.bu.edu [128.197.24.63]
Received: from BU-AUTH (localhost.localdomain [127.0.0.1]) (authenticated bits=0) by relay12.bu.edu (8.13.1/8.13.1) with ESMTP id m5J8fYID023101 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <rt-comment@krbdev.mit.edu>; Thu, 19 Jun 2008 04:41:34 -0400
Message-ID: <2ADA9F5E-D7B1-45ED-A700-CB511CEE3459@bu.edu>
From: Nik Conwell <nik@bu.edu>
To: rt-comment@krbdev.mit.edu
In-Reply-To: <rt-5924-27027.2.87289431965235@krbdev.mit.edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0 (Apple Message framework v924)
Subject: Re: [krbdev.mit.edu #5924] SVN Commit 
Date: Thu, 19 Jun 2008 04:41:34 -0400
References: <rt-5924-27027.2.87289431965235@krbdev.mit.edu>
X-Mailer: Apple Mail (2.924)
RT-Send-Cc: 
X-RT-Original-Encoding: us-ascii
Content-Length: 831


On Jun 18, 2008, at 3:36 PM, Jeffrey Altman via RT wrote:

[...]

> If there are multiple processes or threads on the same
> machine each requesting service tickets using the same
> client principal for the same service principal where

This multiple process thing is a more tricky design issue.  Apparently  
multiple processes on the same box can get the same time  
(microseconds) and so the authenticator is not unique.  I see this  
from time to time.  The SMP OS or the hardware could put a lock around  
returning the time to ensure it's unique but evidently that is not  
done...  I don't think there is much K5 can do about this since the  
threads can't communicate with each other.  Possibly some /dev/random  
could be used instead of the time.  My hack was to have the app retry  
whenever this error is seen.

-nik