Double logs from the KDC
Fredrik Tolf
fredrik at dolda2000.com
Tue Nov 29 20:22:06 EST 2005
On Tue, 2005-11-29 at 12:39 +1100, Jeremy Hunt wrote:
> No it is not a duplicate interface, I think it is a problem when you
> define HAVE_SYSLOG during your build. If you use src/configure in your
> build pocess, you probably do have it defined.
>
> The problem is in src/lib/kadm5/logger.c which gives you two log
> messages about 35 lines apart when HAVE_SYSLOG is defined. Because the
> first one has a comment implying that it always logs important stuff, I
> comment out the second in that part of the code that interrogates the
> configured log control entries. But I chose that because I like to log
> everything :).
I checked the code you mention, but as far as I am able to tell, the
first one only runs in case no log specifications have been loaded
(if(log_control.log_nentries == 0)). Therefore, I cannot see that being
the cause for double messages. It also doesn't explain why the ordinary
logfile receives double messages. Unless I've missed something, that is?
I guess I'll recompile the KDC with debug support and see what I can
find.
Fredrik Tolf
> I have a patch which works for kerberos 1.4.x, which I think resolves
> it, but I am still testing this and a bunch of other changes.
>
> diff -Nur Krb5.current/src/lib/kadm5/logger.c
> Krb5.our.mods/src/lib/kadm5/logger.c
> --- Krb5.current/src/lib/kadm5/logger.c 2002-09-19 06:44:13.000000000 +1000
> +++ Krb5.our.mods/src/lib/kadm5/logger.c 2005-11-23
> 14:58:31.000000000 +1
> 100
> @@ -895,16 +895,22 @@
> log_control.log_entries[lindex].ldu_devname);
> }
> break;
> -#ifdef HAVE_SYSLOG
> - case K_LOG_SYSLOG:
> +// OUR change - Duplicate log
> +/* This appears to duplicate syslog messages - why
> + * #ifdef HAVE_SYSLOG
> + * case K_LOG_SYSLOG:
> +// end OUR change
> /*
> * System log.
> */
>
> /* Log the message with our header trimmed off */
> - syslog(priority, "%s", syslogp);
> - break;
> +// OUR change - Duplicate log
> +/* syslog(priority, "%s", syslogp);
> + * break;
> #endif /* HAVE_SYSLOG */
> +/* I have removed it : jeremyh */
> +// end OUR change
> default:
> break;
> }
>
> I hope this helps,
>
> Jeremy
>
> sh0487 wrote:
> > [safeTgram (optim1) receive status: NOT encrypted, NOT signed.]
> >
> >
> > I've seen this happen on KDC's that have two ethernet interfaces. Is that
> > the case here?
> >
> > Steve Harper
> >
> > On Sun, 27 Nov 2005, Fredrik Tolf wrote:
> >
> >
> >> Hi List!
> >>
> >> I have a small problem with my MIT KDC: All log messages are logged
> >> twice. It's not exactly a life threatening problem, but quite annoying.
> >>
> >> I have configured logging to log both to a file and to syslog, and the
> >> log messages appear twice in both the file and in syslog. When looking
> >> in /proc/`pidof krb5kdc`/fd (it's running on Linux), I can also see that
> >> it has opened the logfile on two file descriptors.
> >>
> >> My log configuration from /etc/krb5.conf looks like this:
> >> [logging]
> >> kdc = FILE:/var/log/krb5kdc.log
> >> kdc = SYSLOG:INFO:DAEMON
> >> admin_server = FILE:/var/log/kadmin.log
> >> admin_server = SYSLOG:INFO:DAEMON
> >> default = FILE:/var/log/krb5lib.log
> >>
> >> The logs from the kadmin daemon appear twice, as well. Does someone know
> >> why this happens?
> >>
> >> Fredrik Tolf
> >>
> >>
> >> ________________________________________________
> >> Kerberos mailing list Kerberos at mit.edu
> >> https://mailman.mit.edu/mailman/listinfo/kerberos
> >>
> >>
> > ________________________________________________
> > Kerberos mailing list Kerberos at mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
> >
> >
> >
> >
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list