Weird KDC behaviour with getprincs/kdb5_util (V5 1.2.2, Solaris 8)
Marc Horowitz
marc at MIT.EDU
Wed Mar 27 22:03:45 EST 2002
peirce at lab2.cc.wmich.edu (LEONARD J PEIRCE) writes:
>> When we look at an alphabetical list of the principals that *should* be
>> displayed we notice that three principals after e9stock at WMICH.EDU that
>> start with e9 that are actually *missing* in the database. We know that
>> they were successfully added at one point from our account creation logs
>> and now they're gone. Could the corruption be localized to just these
>> three accounts? I'm tempted to try to recreate these principals and dumping
>> again to see if things clear up. Any chance it might work?
I agree with Mark, creating the names isn't going to help, and may
make things worse.
However, this does leave you with a few possibilities. First, it is
possible with some versions of the db2 api (I don't remember if it's
possible in the version MIT is using) to look up a particular record,
and iterate starting there. If you have access to this API, it might
help to start with the fourth principal after e9stock, and iterate
from there.
If that doesn't work, using your idea 1 (use an independent list of
all account names and read each one separately) is probably your best
bet.
Marc
More information about the Kerberos
mailing list