KRB5_REALM_CANT_RESOLVE errors ?

Christopher Burke craznar at hotmail.com
Fri Mar 29 21:30:00 EST 2002 

raeburn at mit.edu (Ken Raeburn) wrote in news:tx13cyjcejr.fsf at mit.edu:

>> I don't get to do ANY rewrites on the main application as it is a
>> commercial app (iPlanet Directory server).... all I get to do is write
>> a plugin (.so) which the main application loads and runs.
> 
> Sure.  I meant development time to help us make the krb5 library more
> thread-safe.  (Still working on the assumption that that's the source
> of the problems.)

Me - not a chance, I write C like a monkey paints portraits. I program in 
many languages, but avoid C at all costs.  It normally takes me 10-50 times 
as long to write stuff in C as it does in any other language...

> Otherwise, your best bet may be to fork off one or more slave
> processes you can pass name/password strings to and get back
> success/failure indications.  If you can keep it localized within the
> Kerberos parts of the plugin, you should be able to switch back to the
> one-process form without too much pain later on when the thread safety
> issues have been dealt with.  I think you indicated that you were
> doing this earlier:

Looking at doing that... but in C, I might as well be a monkey waiting to 
paint the mona-lisa.

>> Don't know for sure yet... but that latency between calls seems to be
>> the issue - but only on this 1 call at a time application. The multi
>> threaded apps that fork out multiple kerberos 5 auths work fine.
> 
> Just to be crystal clear -- this was using fork() to create new
> processes with separate address spaces to do the Kerberos work, and
> not a casual reference to splitting the control flow by creating more
> threads, right?  That's certainly the easy way to sidestep the thread
> safety problems.  And if you're using slave processes that stick
> around and process lots of requests, even better, overall it'll save
> on fork and process startup costs.
 
It was actually an application which I ran hundreds of time - showed up 
100s of times in a ps list etc. Problem is converting this plugin to fork 
new processes each time is a little beyond me at this point.

But at least we have worked out the problem.... would specifying the 
machines as IP addresses in the krb5.conf file help at all ?


-- 
---
/* Christopher Burke - Spam Mail to craznar at hotmail.com
|* www.craznar.com - 
\* Real mail to cburke(at)craznar(dot)com

More information about the Kerberos mailing list