Bug 1248721

Summary: RFE: kpasswd&co. should use TCP by default
Product: Red Hat Enterprise Linux 7 Reporter: Roland Mainz <rmainz>
Component: krb5Assignee: Robbie Harwood <rharwood>
Status: CLOSED NOTABUG QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.2CC: dpal, pkis, rharwood
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: http://krbdev.mit.edu/rt/Ticket/Display.html?id=5868
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-01-07 17:45:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Roland Mainz 2015-07-30 16:53:05 UTC 
[More or less as fallout from https://bugzilla.redhat.com/show_bug.cgi?id=1203889#c25]
RFE: kpasswd&co. should use TCP by default and fall-back to UDP, based on what is configured in the krb5 configuration (in krb5 1.13.x we default to TCP).

Right now we use a weird algorithm which tries UDP first and only switch to TCP if we it certain UDP error conditions. IMHO we should stop sniffing and probing around and just do what the config says...
Comment 3 Robbie Harwood 2015-09-10 18:20:13 UTC 
Adding upstream ticket.
Comment 5 Robbie Harwood 2016-01-07 17:45:43 UTC 
krb5 prefers UDP for everything, including kpasswd.  Even if we end up needing the TCP logic, we only eat one round-trip before falling back to that anyway.  Further, my understanding is that this is configurable.

If upstream changes their position (see URL), we can revisit this; otherwise, I believe it safe to close.