Home Original page

Loading...

Current KRB5 implementation does not handle KDC_ERR_SVC_UNAVAILABLE error code after sending the AS Request to the specified KDC. Implementation treats all error codes from KDC (except of KRB_ERR_RESPONSE_TOO_BIG) as terminal and does not retry with another available KDC if possible.
KDC_ERR_SVC_UNAVAILABLE is defined as "A service is not available" in the RFC4120 [1]. KDC sends this error indicating temporary error, for example if server has been restarting.
MIT implementation handles KDC_ERR_SVC_UNAVAILABLE error from KDC and reattempts to connect to the next KDC as per the config [2]. I suggest to do the same.
  [1] - https://datatracker.ietf.org/doc/html/rfc4120#section-7.5.9
  [2] - https://krbdev.mit.edu/rt/Ticket/Display.html?id=3334

backported by

Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8275701 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC

  • P3 - Major loss of function.
  • Resolved

Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8303231 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC

  • P3 - Major loss of function.
  • Resolved

Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8303343 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC

  • P3 - Major loss of function.
  • Resolved

Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8303753 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC

  • P3 - Major loss of function.
  • Resolved

Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8305435 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC

  • P3 - Major loss of function.
  • Resolved

Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-8309982 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC

  • P3 - Major loss of function.
  • Resolved
links to

Commit Commit openjdk/jdk11u-dev/ad3a90f6

Commit Commit openjdk/jdk17u/844d8bf8

Commit Commit openjdk/jdk/5ba0d09f

Review Review openjdk/jdk11u-dev/1935

Review Review openjdk/jdk17u/207

Review Review openjdk/jdk/5658

(1 backported by, 6 links to)