[Freeipa-devel] [PATCH 0019] Prefer TCP connections to UDP in krb5 clients

Nathaniel McCallum npmccallum at redhat.com
Tue Dec 2 16:49:54 UTC 2014


On Tue, 2014-12-02 at 17:48 +0100, Martin Kosek wrote:
> On 12/02/2014 05:36 PM, Simo Sorce wrote:
> > On Tue, 02 Dec 2014 11:12:11 -0500
> > Nathaniel McCallum <npmccallum at redhat.com> wrote:
> > 
> >> On Thu, 2014-11-06 at 18:00 -0500, Nathaniel McCallum wrote:
> >>> On Fri, 2013-10-04 at 06:12 -0400, Simo Sorce wrote:
> >>>>
> >>>> ----- Original Message -----
> >>>>> On 3.10.2013 23:43, Nathaniel McCallum wrote:
> >>>>>> Patch attached.
> >>>>>
> >>>>> I'm curious - what is the purpose of this patch? To prevent 1
> >>>>> second timeouts and re-transmits when OTP is in place?
> >>>>>
> >>>>> What is the expected performance impact? Could it be configured
> >>>>> for OTP separately - somehow? (I guess that it is not possible
> >>>>> now ...)
> >>>>
> >>>> It benefits also communication of large packets (when large
> >>>> MS-PAC or CAMMAC AD Data are attached), so it is a better choice
> >>>> for IPA in general. Especially given we have multiple KDC
> >>>> processes configured we do not want clients wasting KDC resources
> >>>> by making multiple processes do the same operation.
> >>>
> >>> So apparently this patch never got reviewed over a year ago.
> >>>
> >>> It was related to a bug which was opened in SSSD. However, when it
> >>> became clear we wanted to solve this in FreeIPA, the SSSD bug was
> >>> closed but no corresponding FreeIPA bug was opened. The patch then
> >>> fell through the cracks.
> >>>
> >>> Without this patch, if OTP validation runs long we get retransmits
> >>> and failures.
> >>>
> >>> One question I have is how to handle this for upgrades since (I
> >>> think) this patch only handles new installs.
> >>>
> >>> Anyway, this patch is somewhat urgent now. So help is appreciated.
> >>>
> >>> I have attached a rebased version which has no other changes.
> >>
> >> I still need a review on this. Any takers?
> > 
> > The patch looks good to me
> > 
> > Simo.
> 
> This fixes the new installations. Can you please refresh my memory on what the
> decision regarding the upgrades is?

The need to fix upgrades will be documented. In the future, we will
get /etc/krb.conf.d and we will ship a file there.

Nathaniel
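
A check for the upgrade gap discussed in this thread, as an added example that is not part of the thread or the patch. It assumes the TCP preference is expressed as `udp_preference_limit = 0` in the `[libdefaults]` section of krb5.conf (an MIT krb5 setting; the patch body is not shown on this page), and the sample configurations are constructed.

```python
import re

SECTION = re.compile(r"^\[([^\]]+)\]\*?$")  # "[name]" or final "[name]*"
KEY = "udp_preference_limit"  # assumed setting; not named on this page

def libdefaults_values(text, key=KEY):
    """Return every value assigned to `key` inside [libdefaults]."""
    values, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment line
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1).strip()
            continue
        name, sep, value = line.partition("=")
        if section == "libdefaults" and sep and name.strip() == key:
            values.append(value.strip())
    return values

def check_tcp_preference(text):
    """Classify a krb5.conf: 'tcp-first', 'udp-possible', 'missing' or 'invalid'."""
    values = libdefaults_values(text)
    if not values:
        return "missing"          # library default applies, UDP is tried first
    try:
        limits = [int(v) for v in values]
    except ValueError:
        return "invalid"
    # Every duplicate is checked, so the verdict does not depend on
    # which occurrence the library would pick.
    return "tcp-first" if all(n == 0 for n in limits) else "udp-possible"

# Constructed samples: a fresh install, an upgraded host that never got the
# setting, and a host where it was added under the wrong section.
FRESH = "[libdefaults]\n default_realm = EXAMPLE.TEST\n udp_preference_limit = 0\n"
UPGRADED = "[libdefaults]\n default_realm = EXAMPLE.TEST\n dns_lookup_kdc = true\n"
MISPLACED = "[libdefaults]\n default_realm = EXAMPLE.TEST\n[realms]\n udp_preference_limit = 0\n"

if __name__ == "__main__":
    for label, conf in (("fresh", FRESH), ("upgraded", UPGRADED), ("misplaced", MISPLACED)):
        print(f"{label:10s} {check_tcp_preference(conf)}")
```

Run against the real client configuration by passing the file's contents to `check_tcp_preference`; any result other than `tcp-first` marks a host that still needs the manual upgrade step.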



