Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Question: Is RequestServiceTicket.CanCacheTickets condition too restrictive ? #383

Open
sqladmin-zz opened this issue Nov 8, 2024 · 1 comment

Comments

@sqladmin-zz
Copy link

in this PR #249 CanCacheTickets property was introduced in order to fix issue #248

        public bool CanCacheTicket => this.CacheTicket ?? true &&
                                      string.IsNullOrWhiteSpace(this.S4uTarget) && // is this line needed ?
                                      this.S4uTicket == null &&
                                      this.S4uTargetCertificate == null;

But when we pass string s4u to GetServiceTicket - it looks like tickets can be cached - because s4u goes to Container string parameter in TicketCacheEntry and allows to correctly identify record in cache.

It will not break the test case described in #248

In our case we are calling http service from backend service on behalf of the user in many parallel threads - every call to GetServiceTicket(..., s4u: username) goes to KDC (because ticket for user is not cached) and we running out of SocketPool in case of many threads (even if TcpKerberosTransport.MaxPoolSize increased).

We have workarounds on this: locking call to GetServiceTicket or using SemaphoreSlim(TcpKerberosTransport.MaxPoolSize,TcpKerberosTransport.MaxPoolSize) before it ... but it looks too rude

@SteveSyfuhs
Copy link
Collaborator

SteveSyfuhs commented Nov 8, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants