Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id BEE833E710; Wed, 3 Oct 2012 23:31:44 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id q943Vi9r024037; Wed, 3 Oct 2012 23:31:44 -0400 Received: from mailhub-dmz-4.mit.edu (MAILHUB-DMZ-4.MIT.EDU [18.7.62.38]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id q940LhPw002462 for ; Wed, 3 Oct 2012 20:21:43 -0400 Received: from dmz-mailsec-scanner-6.mit.edu (DMZ-MAILSEC-SCANNER-6.MIT.EDU [18.7.68.35]) by mailhub-dmz-4.mit.edu (8.13.8/8.9.2) with ESMTP id q940KbwB023360 for ; Wed, 3 Oct 2012 20:21:43 -0400 X-Auditid: 12074423-b7fab6d0000008f9-db-506cd696c884 Authentication-Results: symauth.service.identifier Received: from homiemail-a35.g.dreamhost.com (caiajhbdcbhh.dreamhost.com [208.97.132.177]) by dmz-mailsec-scanner-6.mit.edu (Symantec Messaging Gateway) with SMTP id 24.34.02297.696DC605; Wed, 3 Oct 2012 20:21:43 -0400 (EDT) Received: from homiemail-a35.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a35.g.dreamhost.com (Postfix) with ESMTP id 3306E5405B for ; Wed, 3 Oct 2012 17:21:42 -0700 (PDT) Dkim-Signature: v=1; a=rsa-sha1; c=relaxed; d=cryptonector.com; h= mime-version:date:message-id:subject:from:to:content-type; s= cryptonector.com; bh=xw/npVpsOUlgqZaAQwWnlGv5Bmg=; b=IiD7cwBLlyd X5FstTK6NeIpV33OxC08hDPC6uMGpc+CKFqcDMBEQPXD5fpqDajnr2+ZrrlSJqat aJ0aZSX2ZKeTsjgJLsImkdXWNaBbPqTCk3KFoONE1YYucXstYLQb9PCgCXKFrat5 pbaolVrgZaENbr6yD1FnKDr/vkJY6Cf0= Received: from mail-da0-f49.google.com (mail-da0-f49.google.com [209.85.210.49]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: nico@cryptonector.com) by homiemail-a35.g.dreamhost.com (Postfix) with ESMTPSA id 1E0A754057 for ; Wed, 3 Oct 2012 17:21:42 -0700 (PDT) Received: by dajq27 with SMTP id q27so2804295daj.36 for ; Wed, 03 Oct 2012 17:21:41 -0700 (PDT) MIME-Version: 1.0 Received: by 10.68.132.41 with SMTP id or9mr17291832pbb.67.1349310101766; Wed, 03 Oct 2012 17:21:41 -0700 (PDT) Received: by 10.68.20.194 with HTTP; Wed, 3 Oct 2012 17:21:41 -0700 (PDT) Date: Wed, 3 Oct 2012 19:21:41 -0500 Message-ID: Subject: All kadm5srv consumers should log writes to the iprop ulog From: Nico Williams To: krb5-bugs@mit.edu Content-Type: text/plain; charset=UTF-8 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprFKsWRWlGSWpSXmKPExsVyIbFlo+70azkBBqf3M1k0PDzO7sDo0XTm KHMAYxSXTUpqTmZZapG+XQJXxoxnM9gKzrNU3N74m7WB8QFzFyMHh4SAicSd01xdjJwcjAJG ErvPvWIFsSUExCQu3FvP1sXIxSEk8JhRon3qTGYI5zSjxLbX7awgDovAeyaJrbNuQ5U9YJJo fnyJGaRfSKBa4tK7JkYQm1dAUOLkzCcsEPFCif23PrJC2J4Sv6bfBqthEVCR+DNpExPISbwC ARK//quBmMICzhJdOxxATDYBbYnN2xRBikUERCVe/j3GAhJmFlCXWD9PaAKj4Cwkq2YhZBYw Mq1ilE3JrdLNTczMKU5N1i1OTszLSy3SNdPLzSzRS00p3cQIDEYhdhflHYx/DiodYhTgYFTi 4W1oywkQYk0sK67MPcQoycGkJMp7+jJQiC8pP6UyI7E4I76oNCe1+BCjBAezkgiv8VagHG9K YmVValE+TEqag0VJnPdayk1/IYH0xJLU7NTUgtQimCwTB/shRhkODiUJXturQN2CRanpqRVp mTklyGo4QQQXyBoeoDVpIIW8xQWJucWZ6RBFpxiNORrfzX3IyHF72sKHjEIsefl5qVLivN4g pQIgpRmleXAjYUnmEqOslDAvIwMDgxAP0E3AoECVf8UoDgwGYV4zkCk8mXklcPteAZ3CBHTK Ct0skFNKEhFSUg2MPje2LZwmdPvqx/MXrl7Rti4+xTkh18/1p0zQB4cJLVO9OA43Jy1JuL59 xse+JOZlLyMmtO1zP7moYXsbu82CiYuTo8P/GmvsSl7d+cZy09mNPgHJbGYmah84tkut8gt2 mctfbZuRH2b6sv3E3r6UPLan1fdeO/T4dJ87li54Y0F4/00Gw51cSizFGYmGWsxFxYkAj+mY 4i0DAAA= X-Mailman-Approved-At: Wed, 03 Oct 2012 23:31:41 -0400 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu Content-Length: 579 Apparently only kadmind and kadmin.local mmap() in the iprop ulog, and only they log to the ulog. Evidently the intention was that kadm5srv consumers that want their transactions iprop'ed should call kadm5_init_iprop(), but that makes no sense: why would one want to modify the KDB on the master and not log then in the ulog? Also, if one might want to do that, then why doesn't kadmin.local have an option to not write transactions to the ulog? The fix is simple: make kadm5_init_iprop() a no-op and make kadm5_init() on the server-side do what kadm5_init_iprop() was doing.