Return-Path: Received: from mailhub-auth-4.mit.edu (MAILHUB-AUTH-4.MIT.EDU [18.7.62.39]) by krbdev.mit.edu (Postfix) with ESMTPS id 574093E695 for ; Mon, 26 Aug 2013 14:10:30 -0400 (EDT) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-4.mit.edu (8.13.8/8.9.2) with ESMTP id r7QIATcH011354 for ; Mon, 26 Aug 2013 14:10:30 -0400 Received: from cathode-dark-space.mit.edu (cathode-dark-space.mit.edu [18.18.1.96]) (authenticated bits=56) (User authenticated as tlyu@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id r7QIAShV000519 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for ; Mon, 26 Aug 2013 14:10:29 -0400 Received: (from tlyu@localhost) by cathode-dark-space.mit.edu (8.12.9.20060308) id r7QIAShu016215; Mon, 26 Aug 2013 14:10:28 -0400 (EDT) Resent-To: rt-comment@krbdev.MIT.EDU Resent-From: Tom Yu Resent-Date: Mon, 26 Aug 2013 14:10:28 -0400 Resent-Message-ID: Received: from mailhub-dmz-1.mit.edu (mailhub-dmz-1.mit.edu [18.9.21.41]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id r7OLBM3I023650 for ; Sat, 24 Aug 2013 17:11:22 -0400 Received: from dmz-mailsec-scanner-5.mit.edu (dmz-mailsec-scanner-5.mit.edu [18.7.68.34]) by mailhub-dmz-1.mit.edu (8.13.8/8.9.2) with ESMTP id r7OLBDYe008487 for ; Sat, 24 Aug 2013 17:11:22 -0400 X-Auditid: 12074422-b7ef78e000000935-9d-521921799ed2 Authentication-Results: symauth.service.identifier Received: from mta5.srv.hcvlny.cv.net (mta5.srv.hcvlny.cv.net [167.206.4.200]) by dmz-mailsec-scanner-5.mit.edu (Symantec Messaging Gateway) with SMTP id 8C.DB.02357.97129125; Sat, 24 Aug 2013 17:11:22 -0400 (EDT) Received: from tardis.internal.bright-prospects.com (ool-4a5a27d7.dyn.optonline.net [74.90.39.215]) by mta5.srv.hcvlny.cv.net (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTP id <0MS200F2706WHL30@mta5.srv.hcvlny.cv.net> for krbdev@mit.edu; Sat, 24 Aug 2013 17:11:21 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by tardis.internal.bright-prospects.com (Postfix) with ESMTP id AEA308B351; Sat, 24 Aug 2013 17:11:20 -0400 (EDT) Received: from tardis.internal.bright-prospects.com ([127.0.0.1]) by localhost (tardis.internal.bright-prospects.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0JrJGuHQ+dZf; Sat, 24 Aug 2013 17:11:10 -0400 (EDT) Received: from BASCHT520 (basch-t520.internal.bright-prospects.com [192.168.15.61]) by tardis.internal.bright-prospects.com (Postfix) with ESMTPS id 703338A591; Sat, 24 Aug 2013 17:11:10 -0400 (EDT) Date: Sat, 24 Aug 2013 17:11:10 -0400 From: Richard Basch Subject: RE: [krbdev.mit.edu #7695] AutoReply: krb5-1.11.3/1.10.6 - full resync may fail and still result in ulog being updated In-Reply-To: To: krbdev@mit.edu CC: richard.basch@gs.com, "'Richard Basch'" Message-ID: <045301cea10e$750307b0$5f091710$@mit.edu> MIME-Version: 1.0 X-Mailer: Microsoft Office Outlook 12.0 Content-Type: text/plain; charset=us-ascii Content-Language: en-us Content-Transfer-Encoding: 7BIT Thread-Index: Ac6cYhyM71adIhhoSuehsJ/d2YadNQEq7cow X-Virus-Scanned: amavisd-new at mail.bright-prospects.com References: X-Brightmail-Tracker: H4sIAAAAAAAAA1VSa0gUURj17o674+bUdVbb64qVg2IJq6kJWioZ/SgCK4kCsXRy77pL+5Cd dX398YFPIkTJcMEHWCo90FIwqxXWkLUwX3+ELEtNJX+ZlJVkNrOTZn8u5zvncM537wwppStl ahIX2LDVzBoZmYLoHCNGNEUhgWlHnfnxnbOyk+BM2eiw9AJIVyRqsdFgx9ao5CyFvurFVyK3 XVnQ1HGqBPTsqwU+JILHUPWSWy5gAGPQ87EVb5HfjyZmu2W1QEHScBogZ08XIQ79EnSz7YtE HDoAmnKVScVhAaA7A+t/h1GAVjdchBBGwDDUub7mwTJ4GD0cb/UEK2EpQOsTLz2CD0xEztub QMD+kEY1ZRs8T5JSmIwqf2cINAXj0KfVCm8R+6EfDbMeC4LhaH5TI9BSGIG6B9wSEatQ/cc5 uZhyELnGg8XwGDQz/wGI10xAPXfnPXYaXkb1Yy2SOqBy7Cpw7Ep17Ep1/EttA8R9EKw1FWlM rMHI4WwNl82azdiqiYs0GWyRWJv3BPDfiZafZp6Cny5mCEASML4UUgam0d6snSs0DYFAUsIE UK1BPLX3ukVbqGc5faY1z4i5IYBIKeNPdTEojaa0bGERtlq2pSCSYFTU0uKbizTMYW34Bsa5 2LqtSkj5EAgnSdjurtGpCbPFjBlENR7iS/ysOAcX6AxG2267j3AohEZfvtElGCkulzVxhhzR 9BrEkusPmtcA2fiLP2lPplpFNQtWKFj1eeadyO3fcwoEq5UU8PLyon359fhX+V9fASr+RZRU tZDiazDbdvpW+FUk/CpNCwHCKjb2n6QuAXZZ3ft0Zzwb8Orbo8q5rQOfIxa3Vs6NTIVc64vu MFZUWmbDn2X1boVGvcsLtadWaVPsb2ca8pNuxV+5NHivd0GvTCIHYjN1w4NB3eX2/lLnZLyp z/14kj2RgBxnK6a/q20ZxZPHvZeXy/uO4PO9fWGpqf17WsaBLqXZ6S5evMoQnJ6NjpBaOfYP FTnEEpkDAAA= RT-Send-Cc: X-RT-Original-Encoding: us-ascii Content-Length: 2386 Instead of the supplied patch, refer to the following patches instead: 1.11: https://github.com/rbasch/krb5/commit/affc746f296869d25c49ee2eabc843c60470ac df 1.10: https://github.com/rbasch/krb5/commit/fc7aabea9bf0abb0712a8509c38d4382474361 c3 I am relatively confident in the above since they move the ulog update to after the db promotion, ensuring everything is ok first. This should avoid all the issues which previously existed. There is a remote chance something might prevent the ulog update from taking place but the db might be updated. I am not quite sure what the right answer is in this case, but certainly the other way round of updating the ulog before the database matches is wrong. There are pros and cons to resetting the ulog prior to the db load, but in either scenario, the final state should not be set until after the db is loaded & promoted. -----Original Message----- From: krb5 [mailto:rt@krbdev.mit.edu] Sent: Sunday, August 18, 2013 6:26 PM To: basch@alum.mit.edu Subject: [krbdev.mit.edu #7695] AutoReply: krb5-1.11.3/1.10.6 - full resync may fail and still result in ulog being updated Greetings, This message has been automatically generated in response to the creation of a trouble ticket regarding: "krb5-1.11.3/1.10.6 - full resync may fail and still result in ulog being updated", a summary of which appears below. There is no need to reply to this message right now. Your ticket has been assigned an ID of [krbdev.mit.edu #7695]. Please include the string: [krbdev.mit.edu #7695] in the subject line of all future correspondence about this issue. To do so, you may reply to this message. Thank you, ------------------------------------------------------------------------- In my test environment, even with krb5-1.11.3, I noticed a database reload (full resync) may still fail and result in the ulog being updated with the new serial number, resulting in an inconsistent environment. I have another patch available which seems to fix the condition. Specifically, I have seen the condition occur with an accompanying log message: ./kdb5_util returned a bad exit status (2) krb5-1.11 https://github.com/rbasch/krb5/commit/83c34de8a740711961d05fde150cc8b16e68f9 e1 krb5-1.10 https://github.com/rbasch/krb5/commit/638b2e299157b1c2e637cb992bc07cf9f55985 94