[Freeipa-devel] [PATCH 0019] Prefer TCP connections to UDP in krb5 clients
Nathaniel McCallum
npmccallum at redhat.com
Tue Dec 2 16:12:11 UTC 2014
On Thu, 2014-11-06 at 18:00 -0500, Nathaniel McCallum wrote:
> On Fri, 2013-10-04 at 06:12 -0400, Simo Sorce wrote:
> >
> > ----- Original Message -----
> > > On 3.10.2013 23:43, Nathaniel McCallum wrote:
> > > > Patch attached.
> > >
> > > I'm curious - what is the purpose of this patch? To prevent 1 second timeouts
> > > and re-transmits when OTP is in place?
> > >
> > > What is the expected performance impact? Could it be configured for OTP
> > > separately - somehow? (I guess that it is not possible now ...)
> >
> > It benefits also communication of large packets (when large MS-PAC or CAMMAC AD Data
> > are attached), so it is a better choice for IPA in general. Especially given we have
> > multiple KDC processes configured we do not want clients wasting KDC resources by
> > making multiple processes do the same operation.
>
> So apparently this patch never got reviewed over a year ago.
>
> It was related to a bug which was opened in SSSD. However, when it
> became clear we wanted to solve this in FreeIPA, the SSSD bug was closed
> but no corresponding FreeIPA bug was opened. The patch then fell through
> the cracks.
>
> Without this patch, if OTP validation runs long we get retransmits and
> failures.
>
> One question I have is how to handle this for upgrades since (I think)
> this patch only handles new installs.
>
> Anyway, this patch is somewhat urgent now. So help is appreciated.
>
> I have attached a rebased version which has no other changes.
I still need a review on this. Any takers?
More information about the Freeipa-devel
mailing list