git.ipfire.org Git - thirdparty/krb5.git/commit

author	Greg Hudson <ghudson@mit.edu>
	Mon, 24 Apr 2023 22:22:40 +0000 (18:22 -0400)
committer	Greg Hudson <ghudson@mit.edu>
	Sun, 16 Jul 2023 22:16:09 +0000 (18:16 -0400)
commit	fabbf11f457a84904a5fa251584fd660a52fa583
tree	c48c3b22ae3ff61cd26332a644cfdba61509f1bf	tree
parent	ef08b09c9459551aabbe7924fb176f1583053cdd	commit \| diff

Defer primary KDC lookups

Add an internal variant of krb5_sendto_kdc() which records the
answering KDC in a list. Callers can check the list for replica KDC
use after the success or failure of the KDC exchange is determined,
avoiding DNS queries for the primary KDCs in many common cases and
using fewer DNS queries in other cases.

Perform the fallback in k5_get_init_creds() rather than
krb5_get_init_creds_password(). For now we must additionally perform
the fallback in krb5_get_init_creds_keytab() as it does not use
k5_get_init_creds().

Preserve the current signature of krb5_sendto_kdc() (it is used within
the tree outside of libkrb5, and might be used by other software
despite being non-public), but remove the behavior of setting
*use_primary.

ticket: 7721

src/include/k5-trace.h		diff \| blob \| blame \| history
src/lib/krb5/krb/gc_via_tkt.c		diff \| blob \| blame \| history
src/lib/krb5/krb/get_creds.c		diff \| blob \| blame \| history
src/lib/krb5/krb/get_etype_info.c		diff \| blob \| blame \| history
src/lib/krb5/krb/get_in_tkt.c		diff \| blob \| blame \| history
src/lib/krb5/krb/gic_keytab.c		diff \| blob \| blame \| history
src/lib/krb5/krb/gic_pwd.c		diff \| blob \| blame \| history
src/lib/krb5/krb/in_tkt_sky.c		diff \| blob \| blame \| history
src/lib/krb5/krb/int-proto.h		diff \| blob \| blame \| history
src/lib/krb5/os/locate_kdc.c		diff \| blob \| blame \| history
src/lib/krb5/os/os-proto.h		diff \| blob \| blame \| history
src/lib/krb5/os/sendto_kdc.c		diff \| blob \| blame \| history
src/tests/Makefile.in		diff \| blob \| blame \| history
src/tests/t_sendto_kdc.py	[new file with mode: 0644]	blob