From raeburn@MIT.EDU Tue Mar 26 20:48:06 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id UAA01212
for <bugs@RT-11.mit.edu>; Tue, 26 Mar 2002 20:48:06 -0500 (EST)
Received: from central-city-carrier-station.mit.edu (CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id UAA05009
for <bugs@RT-11.mit.edu>; Tue, 26 Mar 2002 20:48:05 -0500 (EST)
Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86])
by central-city-carrier-station.mit.edu (8.9.2/8.9.2) with ESMTP id UAA07053
for <krb5-bugs@MIT.EDU>; Tue, 26 Mar 2002 20:48:05 -0500 (EST)
Received: from all-in-one.mit.edu (ALL-IN-ONE.MIT.EDU [18.18.1.71])
by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id UAA11569
for <krb5-bugs@mit.edu>; Tue, 26 Mar 2002 20:48:05 -0500 (EST)
Received: (from raeburn@localhost) by all-in-one.mit.edu (8.9.3)
id UAA22054; Tue, 26 Mar 2002 20:48:05 -0500
Message-Id: <200203270148.UAA22054@all-in-one.mit.edu>
Date: Tue, 26 Mar 2002 20:48:05 -0500
From: raeburn@MIT.EDU
Reply-To: raeburn@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: kprop should have sanity checks for database shrinkage
X-Send-Pr-Version: 3.99
System: Linux all-in-one.mit.edu 2.4.9-12smp #1 SMP Tue Oct 30 18:16:48 EST 2001 i686 unknown
Architecture: i686
The kprop code should watch out for cases where the database shrinks
noticably, say by 10% or more and configurable by the sysadmin, and it
should give an error and refuse to do the propagation until the error
is reset.
From: peirce@gumby.it.wmich.edu (Leonard J. Peirce)
Subject: Weird KDC behaviour with getprincs/kdb5_util (V5 1.2.2, Solaris 8)
To: kerberos@MIT.EDU
Date: Tue, 26 Mar 2002 21:21:55 +0000 (UTC)
Organization: Western Michigan University
This is V5 1.2.2 running on Solaris 8....
We're seeing something very strange on our KDC. We have approximately
46,000 total principals. When we propagate (kdb5_util dump) or do
getprincs in kadmin to get a list of all principal names the resulting
output (in both cases) is missing over half of the principals that we
know are in the database. Our slave server is pretty much useless at
this point until we get this working again.
The really odd part is that the principals that don't show up are in the
database and continue to work fine. Users can get tickets, use them for
rlogin/telnet/ftp, and change their passwords. We can do getprinc for any
one of the missing entries and they show up just fine. But running getprincs
to list the entire database or kdb5_util dump both fail to list them.
BTW, I tried using
kdb5_util dump dump.out <principal>
to dump a single principal and didn't get the principal dumped. Instead,
it appeared to dump just the policies that we have defined. Am I misreading
the man page? I had hoped to be able to dump each individual principal,
append to a file, and possibly reload the database.
Any suggestions on troubleshooting this? Could it be a buffer being over-
run someplace?
Any help would, of course, be greatly appreciated.
--
Leonard J. Peirce Email: leonard.peirce@wmich.edu
UNIX System Manager
Western Michigan University
Office of Information Technology
Kalamazoo, MI 49008 Phone: (616) 387-5430
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id UAA01212
for <bugs@RT-11.mit.edu>; Tue, 26 Mar 2002 20:48:06 -0500 (EST)
Received: from central-city-carrier-station.mit.edu (CENTRAL-CITY-CARRIER-STATION.MIT.EDU [18.7.7.72])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id UAA05009
for <bugs@RT-11.mit.edu>; Tue, 26 Mar 2002 20:48:05 -0500 (EST)
Received: from melbourne-city-street.mit.edu (MELBOURNE-CITY-STREET.MIT.EDU [18.7.21.86])
by central-city-carrier-station.mit.edu (8.9.2/8.9.2) with ESMTP id UAA07053
for <krb5-bugs@MIT.EDU>; Tue, 26 Mar 2002 20:48:05 -0500 (EST)
Received: from all-in-one.mit.edu (ALL-IN-ONE.MIT.EDU [18.18.1.71])
by melbourne-city-street.mit.edu (8.9.2/8.9.2) with ESMTP id UAA11569
for <krb5-bugs@mit.edu>; Tue, 26 Mar 2002 20:48:05 -0500 (EST)
Received: (from raeburn@localhost) by all-in-one.mit.edu (8.9.3)
id UAA22054; Tue, 26 Mar 2002 20:48:05 -0500
Message-Id: <200203270148.UAA22054@all-in-one.mit.edu>
Date: Tue, 26 Mar 2002 20:48:05 -0500
From: raeburn@MIT.EDU
Reply-To: raeburn@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: kprop should have sanity checks for database shrinkage
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 1080
>Category: krb5-kdc
>Synopsis: kprop should have sanity checks for database shrinkage
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Tue Mar 26 20:49:00 EST 2002
>Last-Modified:
>Originator: Ken Raeburn
>Organization:
very little>Category: krb5-kdc
>Synopsis: kprop should have sanity checks for database shrinkage
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Tue Mar 26 20:49:00 EST 2002
>Last-Modified:
>Originator: Ken Raeburn
>Organization:
Show quoted text
>Release: 1.2.2
>Environment:
>Environment:
System: Linux all-in-one.mit.edu 2.4.9-12smp #1 SMP Tue Oct 30 18:16:48 EST 2001 i686 unknown
Architecture: i686
Show quoted text
>Description:
The kprop code should watch out for cases where the database shrinks
noticably, say by 10% or more and configurable by the sysadmin, and it
should give an error and refuse to do the propagation until the error
is reset.
From: peirce@gumby.it.wmich.edu (Leonard J. Peirce)
Subject: Weird KDC behaviour with getprincs/kdb5_util (V5 1.2.2, Solaris 8)
To: kerberos@MIT.EDU
Date: Tue, 26 Mar 2002 21:21:55 +0000 (UTC)
Organization: Western Michigan University
This is V5 1.2.2 running on Solaris 8....
We're seeing something very strange on our KDC. We have approximately
46,000 total principals. When we propagate (kdb5_util dump) or do
getprincs in kadmin to get a list of all principal names the resulting
output (in both cases) is missing over half of the principals that we
know are in the database. Our slave server is pretty much useless at
this point until we get this working again.
The really odd part is that the principals that don't show up are in the
database and continue to work fine. Users can get tickets, use them for
rlogin/telnet/ftp, and change their passwords. We can do getprinc for any
one of the missing entries and they show up just fine. But running getprincs
to list the entire database or kdb5_util dump both fail to list them.
BTW, I tried using
kdb5_util dump dump.out <principal>
to dump a single principal and didn't get the principal dumped. Instead,
it appeared to dump just the policies that we have defined. Am I misreading
the man page? I had hoped to be able to dump each individual principal,
append to a file, and possibly reload the database.
Any suggestions on troubleshooting this? Could it be a buffer being over-
run someplace?
Any help would, of course, be greatly appreciated.
--
Leonard J. Peirce Email: leonard.peirce@wmich.edu
UNIX System Manager
Western Michigan University
Office of Information Technology
Kalamazoo, MI 49008 Phone: (616) 387-5430
Show quoted text
________________________________________________
Kerberos mailing list Kerberos@mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
Kerberos mailing list Kerberos@mit.edu
http://mailman.mit.edu/mailman/listinfo/kerberos
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
>Unformatted: