Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8274205

Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC

    XMLWordPrintable

    Details

      Description

      Current KRB5 implementation does not handle KDC_ERR_SVC_UNAVAILABLE error code after sending the AS Request to the specified KDC. Implementation treats all error codes from KDC (except of KRB_ERR_RESPONSE_TOO_BIG) as terminal and does not retry with another available KDC if possible.
      KDC_ERR_SVC_UNAVAILABLE is defined as "A service is not available" in the RFC4120 [1]. KDC sends this error indicating temporary error, for example if server has been restarting.
      MIT implementation handles KDC_ERR_SVC_UNAVAILABLE error from KDC and reattempts to connect to the next KDC as per the config [2]. I suggest to do the same.
        [1] - https://datatracker.ietf.org/doc/html/rfc4120#section-7.5.9
        [2] - https://krbdev.mit.edu/rt/Ticket/Display.html?id=3334

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              abakhtin Alexey Bakhtin
              Reporter:
              abakhtin Alexey Bakhtin
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: