[Freeipa-devel] [PATCH 0019] Prefer TCP connections to UDP in krb5 clients
Simo Sorce
ssorce at redhat.com
Fri Nov 7 00:46:11 UTC 2014
On Thu, 06 Nov 2014 18:00:21 -0500
Nathaniel McCallum <npmccallum at redhat.com> wrote:
> On Fri, 2013-10-04 at 06:12 -0400, Simo Sorce wrote:
> >
> > ----- Original Message -----
> > > On 3.10.2013 23:43, Nathaniel McCallum wrote:
> > > > Patch attached.
> > >
> > > I'm curious - what is the purpose of this patch? To prevent 1
> > > second timeouts and re-transmits when OTP is in place?
> > >
> > > What is the expected performance impact? Could it be configured
> > > for OTP separately - somehow? (I guess that it is not possible
> > > now ...)
> >
> > It benefits also communication of large packets (when large MS-PAC
> > or CAMMAC AD Data are attached), so it is a better choice for IPA
> > in general. Especially given we have multiple KDC processes
> > configured we do not want clients wasting KDC resources by making
> > multiple processes do the same operation.
>
> So apparently this patch never got reviewed over a year ago.
>
> It was related to a bug which was opened in SSSD. However, when it
> became clear we wanted to solve this in FreeIPA, the SSSD bug was
> closed but no corresponding FreeIPA bug was opened. The patch then
> fell through the cracks.
>
> Without this patch, if OTP validation runs long we get retransmits and
> failures.
>
> One question I have is how to handle this for upgrades since (I think)
> this patch only handles new installs.
>
> Anyway, this patch is somewhat urgent now. So help is appreciated.
>
> I have attached a rebased version which has no other changes.
>
> Nathaniel
I am not sure we can do much on updates, we do not have a
client-update tool, I would just document it I guess.
Otherwise we'd have to go back to sssd which can inject additional
values in krb5.conf, however I am not sure it would be ok to set
something like this in the sssd's pubconf includes ...
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list