Weird KDC behaviour with getprincs/kdb5_util (V5 1.2.2, Solaris 8)
eichin-krb@thok.org
Wed Mar 27 17:12:11 EST 2002
Just some comments:
1) The times I've heard about this (or forced it, back when I worked
at Cygnus and was debugging this sort of thing) did involve
"structured" names. (I'm not suggesting that one not *use*
structured usernames, it's kind of sad that it matters -- but just
to note that such names have been more likely to trigger hash bugs
in the past. Yet another reason to use btree instead.)
2) The missing principals make sense -- the failures that led to chain
corruption always lost the entry that was being stored (at least
one of the failure modes that we fixed back then.) However,
recreating those will *not* help -- those specific names are likely
to be "off the end" of some hash chain, and recreating them is
more likely to introduce *more* corruption.
I'd take a look at the recent perl KDB code that went by, and try
using that to just pull out records and put them into a new database.
If you have a complete list of principals to work with, that's
easier. If you only have a partial list, I'd suggest the approach of
using each principal as a starting point and then scanning -- ie. for
every one that you haven't seen before, try chaining/nexting off of it
to see if you've hit a different section of the db...
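
A sketch of the seed-and-scan salvage suggested above, as an added example that is not part of the original message and is not the perl KDB code it mentions. The database is a toy model (a dict mapping each key to its value and the key a scan would return next), not the Berkeley DB API, and all principal names and records are constructed.

```python
# Toy model (an assumption): key -> (value, next key in scan order).
# None marks the end of the scan order; a pointer to a key that is not
# present models a chain that was broken by corruption.
CORRUPT_DB = {  # constructed sample data
    "alice@EXAMPLE.COM": ("rec-a", "bob@EXAMPLE.COM"),
    "bob@EXAMPLE.COM": ("rec-b", "host/lost.example.com@EXAMPLE.COM"),
    "carol@EXAMPLE.COM": ("rec-c", "host/web.example.com@EXAMPLE.COM"),
    "host/web.example.com@EXAMPLE.COM": ("rec-h", "dave@EXAMPLE.COM"),
    "dave@EXAMPLE.COM": ("rec-d", None),
    "erin@EXAMPLE.COM": ("rec-e", "carol@EXAMPLE.COM"),
}
FIRST_KEY = "alice@EXAMPLE.COM"  # where a plain sequential dump would start


def walk(db, start, seen):
    """Follow next-pointers from start, yielding (key, value) pairs until
    the chain ends, breaks, or rejoins a section that was already copied."""
    key = start
    while key is not None and key in db and key not in seen:
        seen.add(key)
        value, nxt = db[key]
        yield key, value
        key = nxt


def salvage(db, known_principals):
    """Copy every record reachable from any known principal into a new
    store. Returns (new_db, names that could not be read at all)."""
    new_db, seen, unreadable = {}, set(), []
    for name in known_principals:
        if name in seen:
            continue  # already reached while scanning from an earlier seed
        if name not in db:
            unreadable.append(name)  # lost entry: report it, leave old db alone
            continue
        new_db.update(walk(db, name, seen))
    return new_db, unreadable


if __name__ == "__main__":
    partial = ["alice@EXAMPLE.COM", "erin@EXAMPLE.COM",
               "host/lost.example.com@EXAMPLE.COM"]
    print("sequential dump:", len(dict(walk(CORRUPT_DB, FIRST_KEY, set()))))
    recovered, missing = salvage(CORRUPT_DB, partial)
    print("salvaged:", len(recovered), "unreadable:", missing)
```

The names that come back as unreadable are the ones to re-create, and only in the new database once the copy is complete.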