Lookaside mechanism in KDC -- shared between processes?

Rick van Rein (OpenFortress)
Hello,

For a project on the KDC code [1] I'm trying to understand how lookaside
processing in the KDC works, as implemented in kdc/replay.c --
specifically, how it reaches all the processes that run inside the KDC.

I found that the hash table is a static array, so it will be shared
among processes, but the entries are simply allocated with calloc() and
would therefore be specific to each process.  So how can process A
detect that dispatch.c is active for a given KDC-REQ packet if that
packet is being dispatched from process B?

Thanks,
 -Rick

[1]  I'm trying to insert a link to a backend that uses DNSSEC/DANE for
realm crossover; it wants to avoid replaying a request about an
already-sought remote realm.

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Re: Lookaside mechanism in KDC -- shared between processes?

Greg Hudson
On 11/10/2016 11:04 AM, Rick van Rein wrote:
> I found that the hash table is a static array, so it will be shared
> among processes, but the entries are simply allocated with calloc() and
> would therefore be specific to each process.  So how can process A
> detect that dispatch.c is active for a given KDC-REQ packet if that
> packet is being dispatched from process B?

Static arrays are not shared between processes.  The KDC lookaside cache
is entirely specific to one process.  It is intended as an optimization,
not as a guarantee that a request is only processed once.
(We have at times considered removing the lookaside cache, on the
grounds that its overhead may cost more than the optimization is worth
in typical scenarios.  But so far we have not.)
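
Added example, not part of the thread and not code from kdc/replay.c: a toy lookaside table with the layout discussed above (a static bucket array holding calloc()'d entries), showing that an entry inserted in one process is invisible to another. All function and type names are hypothetical, and fork() stands in for separate KDC processes as an assumption.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
#define TABLE_SIZE 64
struct entry { struct entry *next; size_t len; unsigned char pkt[64]; };
static struct entry *table[TABLE_SIZE];  /* added example, hypothetical names */

static unsigned bucket(const unsigned char *p, size_t len)
{
    unsigned h = 5381;
    while (len--) h = h * 33 + *p++;
    return h % TABLE_SIZE;
}

/* Record a request packet in the calling process's table; 0 on success. */
int lookaside_insert(const unsigned char *p, size_t len)
{
    unsigned b = bucket(p, len);
    struct entry *e = len <= sizeof(e->pkt) ? calloc(1, sizeof(*e)) : NULL;
    if (e == NULL)
        return -1;
    memcpy(e->pkt, p, len);
    e->len = len;
    e->next = table[b];
    table[b] = e;
    return 0;
}

/* 1 if the calling process has already recorded this packet, else 0. */
int lookaside_seen(const unsigned char *p, size_t len)
{
    struct entry *e = table[bucket(p, len)];
    while (e != NULL && (e->len != len || memcmp(e->pkt, p, len) != 0))
        e = e->next;
    return e != NULL;
}

/* Insert in a forked child, then return what the parent's lookup reports. */
int seen_after_insert_in_child(const unsigned char *p, size_t len)
{
    int status = 0;
    pid_t pid = fork();
    if (pid == 0)   /* child: exit 0 only if its own table now has the packet */
        _exit(lookaside_insert(p, len) == 0 && lookaside_seen(p, len) ? 0 : 1);
    if (pid < 0 || waitpid(pid, &status, 0) != pid || status != 0)
        return -1;
    return lookaside_seen(p, len);   /* parent's copy was never modified */
}
```

The child's write lands in its own copy-on-write pages, so a cross-process duplicate check would need shared memory or an external store rather than a table like this.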