KRB5_REALM_CANT_RESOLVE errors ?
Christopher Burke
craznar at hotmail.com
Fri Mar 29 21:30:00 EST 2002
raeburn at mit.edu (Ken Raeburn) wrote in news:tx13cyjcejr.fsf at mit.edu:
>> I don't get to do ANY rewrites on the main application as it is a
>> commercial app (iPlanet Directory server).... all I get to do is write
>> a plugin (.so) which the main application loads and runs.
>
> Sure. I meant development time to help us make the krb5 library more
> thread-safe. (Still working on the assumption that that's the source
> of the problems.)
Me - not a chance, I write C like a monkey paints portraits. I program in
many languages, but avoid C at all costs. It normally takes me 10-50 times
as long to write stuff in C as it does in any other language...
> Otherwise, your best bet may be to fork off one or more slave
> processes you can pass name/password strings to and get back
> success/failure indications. If you can keep it localized within the
> Kerberos parts of the plugin, you should be able to switch back to the
> one-process form without too much pain later on when the thread safety
> issues have been dealt with. I think you indicated that you were
> doing this earlier:
Looking at doing that... but in C, I might as well be a monkey waiting to
paint the mona-lisa.
>> Don't know for sure yet... but that latency between calls seems to be
>> the issue - but only on this 1 call at a time application. The multi
>> threaded apps that fork out multiple kerberos 5 auths work fine.
>
> Just to be crystal clear -- this was using fork() to create new
> processes with separate address spaces to do the Kerberos work, and
> not a casual reference to splitting the control flow by creating more
> threads, right? That's certainly the easy way to sidestep the thread
> safety problems. And if you're using slave processes that stick
> around and process lots of requests, even better, overall it'll save
> on fork and process startup costs.
It was actually an application which I ran hundreds of time - showed up
100s of times in a ps list etc. Problem is converting this plugin to fork
new processes each time is a little beyond me at this point.
But at least we have worked out the problem.... would specifying the
machines as IP addresses in the krb5.conf file help at all ?
--
---
/* Christopher Burke - Spam Mail to craznar at hotmail.com
|* www.craznar.com -
\* Real mail to cburke(at)craznar(dot)com
More information about the Kerberos
mailing list