| To: | krb5-bugs@MIT.EDU |
| Subject: | db2 policy database loading broken |
| From: | Ken Raeburn <raeburn@MIT.EDU> |
| Date: | Wed, 27 Sep 2006 21:09:37 -0400 |
I thought I'd done a better job of fixing this up after the DAL merge,
but apparently not....
The "kdb5_util load" process, using the db2 back end, creates a new
database (if the main db is "/foo/bar", it creates "/foo/bar~") to
load new entries into, and then renames it to replace the original
database.
The db implementation actually uses multiple files, "bar" for the
principal data, "bar.kadm5" for the policy data, and lock files and
such. So for the temporary database, it's "bar~.kadm5" etc.
Unfortunately, it appears that policy data being loaded gets written
to "bar.kadm5" instead of "bar~.kadm5", so it gets thrown away when we
do the rename, and we're left with an empty policy database.
This should be fixed for 1.6.
Ken
but apparently not....
The "kdb5_util load" process, using the db2 back end, creates a new
database (if the main db is "/foo/bar", it creates "/foo/bar~") to
load new entries into, and then renames it to replace the original
database.
The db implementation actually uses multiple files, "bar" for the
principal data, "bar.kadm5" for the policy data, and lock files and
such. So for the temporary database, it's "bar~.kadm5" etc.
Unfortunately, it appears that policy data being loaded gets written
to "bar.kadm5" instead of "bar~.kadm5", so it gets thrown away when we
do the rename, and we're left with an empty policy database.
This should be fixed for 1.6.
Ken