KRB5_REALM_CANT_RESOLVE errors ?
Ken Raeburn
raeburn at MIT.EDU
Wed Mar 27 21:28:42 EST 2002
Christopher Burke <craznar at hotmail.com> writes:
> My application which authenticates to K5 (1 thread at a time) gets KRB5
> _REALM_CANT_RESOLVE errors alot when it (the application) is under a high
> load.
>
> Once it starts getting them it gives that error for all attempts until the
> load reduces dramatically.
>
> Any hints on exactly what the error means and what may be causing it ?
You don't say just what routine is failing, but that error is only
returned from the code for finding the KDC IP addresses. You could
add some debugging-printf code to locate_kdc.c at various points to
see where it might be failing. Also check the realm name that is
supplied -- if that's not right, locate_kdc has no prayer of working.
You mention using one thread at a time -- is the application doing DNS
stuff (explicitly or via gethostby*) in other threads at the same time
as Kerberos authentication is being attempted? That might confuse
things. In the 1.3 release I'm switching some things over to use
getaddrinfo, which should be thread-safe on many platforms; that might
help.
If by "high load" you mean "many more threads running", there's a good
chance it's related to the lack of thread safety not just in the MIT
krb5 library, but in some of the C library functions it calls.
Ken
More information about the Kerberos
mailing list