[17168] in Kerberos_V5_Development
Re: [PATCH] Plugin Interface Change
daemon@ATHENA.MIT.EDU (Nico Williams)
Thu Sep 15 21:52:53 2011
MIME-Version: 1.0
In-Reply-To: <1316104309.718.216.camel@t410>
Date: Thu, 15 Sep 2011 20:52:32 -0500
Message-ID: <CAK3OfOj3tENp+mAiUfg9LvG=pVbF_Y41BPqc2VNK8rOtNJED0g@mail.gmail.com>
From: Nico Williams <nico@cryptonector.com>
To: Greg Hudson <ghudson@mit.edu>
Cc: "krbdev@mit.edu" <krbdev@mit.edu>
Content-Type: text/plain; charset="utf-8"
Errors-To: krbdev-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Thu, Sep 15, 2011 at 11:31 AM, Greg Hudson <ghudson@mit.edu> wrote:> * We will need an enhancement to the lookaside cache (replay.c) to> support requests in progress. A request should be added with no> response as soon as it is received, and then its entry should be> augmented to contain the response after we have one. If a request> arrives which has a lookaside cache entry with no response, we should> drop the request (we'll respond to it later). Without this enhancement,> KDCs will start processing retransmitted requests, which is a> regression.
The nicest thing about the KDC exchanges being stateless is that theincoming request is the only state that need be queued while someplugin wants to wait for some event (any state produced by that eventcould be cached so that subsequent re-processing of the stalledrequest can find it). This approach does very little violence to themain body of the KDC. OTOH, a library-style KDC would really helpwith things like PKU2U.
Nico--
_______________________________________________krbdev mailing list krbdev@mit.eduhttps://mailman.mit.edu/mailman/listinfo/krbdev
