Loading...
Current KRB5 implementation does not handle KDC_ERR_SVC_UNAVAILABLE error code after sending the AS Request to the specified KDC. Implementation treats all error codes from KDC (except of KRB_ERR_RESPONSE_TOO_BIG) as terminal and does not retry with another available KDC if possible.
KDC_ERR_SVC_UNAVAILABLE is defined as "A service is not available" in the RFC4120 [1]. KDC sends this error indicating temporary error, for example if server has been restarting.
MIT implementation handles KDC_ERR_SVC_UNAVAILABLE error from KDC and reattempts to connect to the next KDC as per the config [2]. I suggest to do the same.
[1] - https://datatracker.ietf.org/doc/html/rfc4120#section-7.5.9
[2] - https://krbdev.mit.edu/rt/Ticket/Display.html?id=3334
- backported by
-
JDK-8275701 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC
-
- Resolved
-
-
JDK-8303231 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC
-
- Resolved
-
-
JDK-8303343 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC
-
- Resolved
-
-
JDK-8303753 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC
-
- Resolved
-
-
JDK-8305435 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC
-
- Resolved
-
-
JDK-8309982 Handle KDC_ERR_SVC_UNAVAILABLE error code from KDC
-
- Resolved
-
- links to
-
Commit
openjdk/jdk11u-dev/ad3a90f6
-
Commit
openjdk/jdk17u/844d8bf8
-
Commit
openjdk/jdk/5ba0d09f
-
Review
openjdk/jdk11u-dev/1935
-
Review
openjdk/jdk17u/207
-
Review
openjdk/jdk/5658
(1 backported by, 6 links to)