[1355] in Kerberos_V5_Development
Re: kdc performance and rcache
daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Thu Jun 27 14:34:14 1996
Date: Thu, 27 Jun 1996 18:32:47 GMT
From: Jonathan Kamens <jik@annex-1-slip-jik.cam.ov.com>
To: bjaspan@MIT.EDU
Cc: raeburn@cygnus.com, krbdev@MIT.EDU
In-Reply-To: <9606271432.AA21573@beeblebrox.MIT.EDU> (bjaspan@MIT.EDU)
> Date: Thu, 27 Jun 96 10:32:52 -0400
> From: "Barry Jaspan" <bjaspan@MIT.EDU>
>
> I'm pretty sure we disabled the lookaside cache in the OV kdc, on the
> grounds that it was unnecessary and also because it was causing our
> automated tests to break (I think there were some bugs tickled by
> having similar requests arrive within less than a second, and perhaps
> fixing them seemed like more overhead than it was worth). jik, can
> you remind us about the details? Isn't there a long PR about this?
The problem was that our tests were making a KDC request, modifying
the database, and the making another KDC request, all within one
second. The KDC sent the reply to the second request out of the
replay cache, but it was no longer valid because the database had been
updated.
Our short-term fix for this was to disable the lookaside cache
completely. However, we did eventually fix it properly, by storing
the database modification time in the replay cache entries and not
using replay cache entries which differed from the current database
modification time.
I thought we sent that patch back to MIT, but if it's not in the MIT
code, I suppose that either I'm mistaken, or they didn't incorporate
it. In any case, I can send you the patch if you want.
jik
