[17563] in Kerberos_V5_Development
Re: suggestion for locating master kdc logic
daemon@ATHENA.MIT.EDU (Will Fiveash)
Fri Apr 6 15:53:12 2012
Date: Fri, 6 Apr 2012 14:53:04 -0500
From: Will Fiveash <will.fiveash@oracle.com>
To: Greg Hudson <ghudson@mit.edu>
Message-ID: <20120406195304.GC14892@oracle.com>
Mail-Followup-To: Greg Hudson <ghudson@MIT.EDU>, krbdev@MIT.EDU
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <4F7E6211.909@mit.edu>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On Thu, Apr 05, 2012 at 11:25:05PM -0400, Greg Hudson wrote:
> On 04/05/2012 07:53 PM, Will Fiveash wrote:
> > Anyone have a problem if I modify the MIT krb code so that if a
> > master_kdc spec is not found to then look for admin_server and if that
> > isn't found also look for kpasswd_server? This change would affect
> > dns_locate_server() and prof_locate_server().
>
> I'm always a little nervous about reversing previous design decisions
> that I don't completely understand. I can find a little bit of design
> rationale in ticket #1692, which says:
>
> Currently the admin_server tag is overloaded for kadmin and
> password changing. So, don't use it as a filter on the KDC list;
> instead, look for master_kdc as an independent list.
>
> I'm not quite sure what Ken had in mind here. I can speculate that he
> was concerned about environments where the kadmin or kpasswd server host
> doesn't run a KDC, in which case trying to contact it would result in an
> unwelcome timeout.
I assuming that in the vast majority of krb deployments if admin_server
is set then it is set to the master KDC and that the admins of such
deployments would want the master KDC fall back logic to be:
master_kdc -> admin_server -> kpasswd_server
Certainly for Solaris, we have not documented master_kdc so I'm pretty
sure most if not all krb configs on those systems are not benefiting
from the fall back to master_kdc when getting a krb err.
I suggest introduction of new config parameter, try_admin_server_on_err
(or something like that), that if true would allow using admin_server or
kpasswd_server if master_kdc was not specified as a fall back when a krb
error is received. If false, only the master_kdc would be used. It
should be true by default.
--
Will Fiveash
Oracle Solaris Software Engineer
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
