[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Forking the KDC




On Nov 15, 2006, at 2:36 AM, Love Hörnquist Åstrand wrote:

> 10 nov 2006 kl. 03.15 skrev Henry B. Hotz:
>
>> Does it sound feasible that the resources involved could be narrow  
>> enough that this kind of fork could be done?
>
> I rather have the KDC either ignore the request by doing rate- 
> limiting or having the delay
> functionality encoded into the state machine.
>
> fork()ing too much will also create a DOS on the KDC, it will run  
> out of processes.
>
> Love

Rate limiting only applies to a single account (for both of the  
scenarios I'm considering).  If I hold up everybody that might impact  
hundreds of requests.

I'm not sure what I'm interested in necessarily belongs in the main  
tree.  I'm asking about technical feasibility and potholes or land  
mines I might step on.  ;-)

Does the state machine have provisions for keeping a reply around for  
sending later?  Also I wouldn't want to mix the processing from an  
external back-end with the Kerberos protocol front-end processing.   
Is there any asynchronous handling in the LDAP back-end that I should  
look at?

------------------------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu