krb524 stops working (MIT 1.5.4 + 2007-005/6 patches + fakeka patch)
Ken Raeburn
raeburn at MIT.EDU
Fri Nov 9 14:27:25 EST 2007
On Nov 9, 2007, at 11:14, John Tang Boyland wrote:
> However, every once in a while, the krb524d stops responding to
> requests. "ps augx" says:
>
> USER PID %CPU %MEM SZ RSS TT S START TIME COMMAND
> root 12025 1.2 63.5184632156496 ? S Oct 15 382:56 /
> opt/local/sbin/krb524d -m
>
> Last time this happened (apparently October 15th), I killed it and
> started it up again, and it worked just fine. But now it stopped
> working again.
That's not something we've seen before... when it's in this state,
could you try running strace on the process (for Linux, truss for
Solaris, etc) while you're sending requests it's not responding to?
If you've built it with debug info, attaching the process under gdb
to get a stack trace may help too, if strace doesn't show any activity.
Monitoring traffic to krb524d with tcpdump (ideally, recording the
full packets) might be handy if you catch it at some point while it's
growing massively like this. (Though on the off chance that someone
has come up with a krb524d deathgram packet, please report the info
to krbcore-security at mit so we could try to get a fix out before the
means of killing it becomes too widespread.)
Ken
More information about the Kerberos
mailing list