[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: DB corruption(?) causing "add" failures

To: heimdal-discuss@sics.se
Subject: Re: DB corruption(?) causing "add" failures
From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
Date: Fri, 12 Nov 2004 00:27:30 -0800
In-Reply-To: <4BF48F4A-2876-11D9-A06B-000A95CA746C@jpl.nasa.gov>
References: <4BF48F4A-2876-11D9-A06B-000A95CA746C@jpl.nasa.gov>
Sender: owner-heimdal-discuss@sics.se

Should have posted this sooner, but for the record this is a non-issue  
for real installations.

The problem is that we were testing with a large number of principals  
of the form testuser01234.  If the usernames are more random then the  
problem does not occur.

On Oct 27, 2004, at 5:14 PM, Henry B. Hotz wrote:

> If this doesn't ring a bell, anyone got any suggestions?
>
> We've got a test script that does a bunch of kadmin add operations.   
> Some of the add's fail.
>
> We start with a database (imported from a kaserver, mostly) of 14,000  
> principals.  Then we start adding new ones.  About 1000 add's in we  
> get a block of about 10 failures.  Thereafter we get new blocks of  
> failures every few hundred or so.  A failure to create a principal is  
> thereafter repeatable.  You can't add a principal with that name.
>
> The failure does not go away even if you dump, erase, and reload the  
> whole database.  An error with an unrelated principal is reported  
> during the restore:
>> kadmin> load dumpfile.o
>> dumpfile.o:18710:error parsing keys (1)
>> kadmin>
> which goes away if you delete the relevant line. Sorting the text dump  
> has no effect, but it does change which principal is reported as  
> erroneous on restore.
>
> Original error:
>> kadmin> add <...options...> testuser01510
>> kadmin> add <...options...> testuser01511
>> kadmin: kadm5_create_principal: <unknown error>
>> kadmin: adding testuser01511: <unknown error>
>> kadmin> ...
> Retrying the add for testuser01511 gives the same error.  Retrying  
> after a dump/restore gives:
>> kadmin> add <...options...> testuser01511
>> kadmin: kadm5_create_principal: encryption type pw-salt not supported
>> kadmin: adding testuser01511: Unknown error
>> kadmin>
> Since I know someone will ask, the default keys line is:
>>         default_keys = v4 des:afs3-salt:jpl.nasa.gov des3:pw-salt  
>> arcfour-hmac-md5:pw-salt aes256-cts-hmac-sha1-96:pw-salt
> This is Heimdal 0.6.3, kth-krb-1.3rc1, openssl 0.9.7d, Berkeley db  
> 3.3.11 Solaris 9.
------------------------------------------------------------------------ 
----
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz@jpl.nasa.gov, or hbhotz@oxy.edu

Prev by Date: resource temporarily unavailable?
Next by Date: SSH2 and Heimdal
Prev by thread: resource temporarily unavailable?
Next by thread: SSH2 and Heimdal
Index(es):
- Date
- Thread