[Freeipa-devel] [PATCH 0019] Prefer TCP connections to UDP in krb5 clients
Nathaniel McCallum
npmccallum at redhat.com
Thu Nov 6 23:00:21 UTC 2014
On Fri, 2013-10-04 at 06:12 -0400, Simo Sorce wrote:
>
> ----- Original Message -----
> > On 3.10.2013 23:43, Nathaniel McCallum wrote:
> > > Patch attached.
> >
> > I'm curious - what is the purpose of this patch? To prevent 1 second timeouts
> > and re-transmits when OTP is in place?
> >
> > What is the expected performance impact? Could it be configured for OTP
> > separately - somehow? (I guess that it is not possible now ...)
>
> It benefits also communication of large packets (when large MS-PAC or CAMMAC AD Data
> are attached), so it is a better choice for IPA in general. Especially given we have
> multiple KDC processes configured we do not want clients wasting KDC resources by
> making multiple processes do the same operation.
So apparently this patch never got reviewed over a year ago.
It was related to a bug which was opened in SSSD. However, when it
became clear we wanted to solve this in FreeIPA, the SSSD bug was closed
but no corresponding FreeIPA bug was opened. The patch then fell through
the cracks.
Without this patch, if OTP validation runs long we get retransmits and
failures.
One question I have is how to handle this for upgrades since (I think)
this patch only handles new installs.
Anyway, this patch is somewhat urgent now. So help is appreciated.
I have attached a rebased version which has no other changes.
Nathaniel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-npmccallum-0019-Prefer-TCP-connections-to-UDP-in-krb5-clients.patch
Type: text/x-patch
Size: 3306 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141106/7900a939/attachment.bin>
More information about the Freeipa-devel
mailing list