KRB5_REALM_CANT_RESOLVE errors ?
Christopher Burke
craznar at hotmail.com
Wed Mar 27 22:35:39 EST 2002
raeburn at mit.edu (Ken Raeburn) wrote in news:tx1eli5e885.fsf at mit.edu:
> You don't say just what routine is failing, but that error is only
> returned from the code for finding the KDC IP addresses. You could
> add some debugging-printf code to locate_kdc.c at various points to
> see where it might be failing. Also check the realm name that is
> supplied -- if that's not right, locate_kdc has no prayer of working.
Occurs in krb5_get_in_tkt_with_password, works find for 1000s and 1000s of
attempts.... but starts failing when there is a high volume of requests.
> You mention using one thread at a time -- is the application doing DNS
> stuff (explicitly or via gethostby*) in other threads at the same time
> as Kerberos authentication is being attempted? That might confuse
> things. In the 1.3 release I'm switching some things over to use
> getaddrinfo, which should be thread-safe on many platforms; that might
> help.
Its a multi-threaded app, with one funnel for kerberos auth - and a mutex
around all the kerberos stuff.
> If by "high load" you mean "many more threads running", there's a good
> chance it's related to the lack of thread safety not just in the MIT
> krb5 library, but in some of the C library functions it calls.
No by high load I mean very little time between one set of kerberos calls (an
entire authentication) and the next set. There is only one auth going on at
any given time in this app (which is iPlanet Directory server by the way).
--
---
/* Christopher Burke - Spam Mail to craznar at hotmail.com
|* www.craznar.com -
\* Real mail to cburke(at)craznar(dot)com
More information about the Kerberos
mailing list