[450] in Kerberos
re: RPC for communicating with Kerberos
daemon@TELECOM.MIT.EDU (Jerome H. Saltzer)
Wed Jul 20 15:38:27 1988
To: Mike Kazar <kazar+@andrew.cmu.edu>
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Mike Kazar <kazar+@andrew.cmu.edu>'s message of Tue, 5 Jul 88 22:16:54 -0400 (EDT)
From: Jerome H. Saltzer <Saltzer@ATHENA.MIT.EDU>
> From my reading of the Kerberos source code, administrative requests
> are sent from the client to the Kerberos server repeatedly until the
> client receives a response from the appropriate host (correct me if
> I'm wrong). There seem to be several problems with this protocol:
Mike,
I think that the Kerberos protocols are clean on this point. The
ticket acquisition and exchange protocols are all designed to be
completely idempotent (for security reasons as well as for the
potential flakiness problems you mention) and the administrative
functions that can't be idempotent are implemented with tcp, rather
than doing retransmission themselves.
> Unfortunately, in our environment, with a 2-3% packet loss rate (Unix
> process to Unix process), and packet delays measured in seconds,
> these problems should result in a moderately flakey overall system.
I certainly sympathize with the performance problems you must have to
put up with, but I believe that the Kerberos protocols are designed
to cope with that level of confusion without anyone noticing.
Jerry