John Hascall wrote: >> Because the code path for that would be: >> get a ticket >> make an rxk5 security object >> retain the ticket. >> make an rx connection client object. >> make the initial RPC call. >> if the RPC call fails with the right error... >> tear down the rx connection client object. >> discard the rxk5 security object. >> make an rxkad object with the retained ticket. >> make a new rx connection client object. >> redo the RPC call with the new connection >> discard the retained ticket. >> which is going to look even uglier in the source for ubik calls. > >> And, um, well, old servers *won't* return an error message. >> They won't return anything at all. So "the right error" above >> means "after an obnoxious long delay". > > Well, that certianly seems like a show-stopping mistake.
The behavior prevents a denial of service attack against the clients.
smime.p7s
Description: S/MIME Cryptographic Signature