Kadmind (v1.6.3) - Crash? RPC Errors!?

tma@cwru.edu tma at cwru.edu
Wed Oct 14 15:26:49 EDT 2009 

Platform "Linux x86_64 x86_64 x86_64 GNU/Linux"

Been running for many years without a hitch until this am when we  
noticed the following in the logs because kadmind displaying errors  
shown below and was basically brain dead.

Restart of krb5kdc and kadmind seemed to fix it for now!

Not sure what could have cause this, as I have never seen this happen  
in all of the 11 years since Kerberos v4!

As I was typing this message, it started happening again, and I  
alerted my colleague who responded that his program may be the cause  
of this problem. He is running a script that is checking status of  
100K alumni to see who has an kerberos principal or not. Thats all!

We are wondering if running this by hand vs. from cron could be  
loading the LD_LIBRARY_PATH! (edit: yes paths were different, we  
changed it to correct load library path)

But still is this a known bug and hopefully been fixed in the latest  
version or just normal behavior?  Kind of scary that this can happen  
in the first place if you have the wrong load lib path.

I thought I would share this with the list hoping someone could shed  
some light for us.

Thank you in advance for any help you may provide,
Tareq

----
Oct 14 09:52:11 kdcservername.fqdn.edu kadmind[19076](Notice):  
Miscellaneous RPC error: XXX.XX.XXX.XX, internal error unsealing  
sequence number
....a few thousands of identical lines in the logs and then:


Oct 14 14:00:28 kdcservername.fqdn.edu kadmind[18419](Notice):  
Authentication attempt failed: XXX.XX.XXX.XX, GSS-API error strings are:
Oct 14 14:00:28 kdcservername.fqdn.edu kadmind[18419](Notice):  
Authentication attempt failed: XXX.XX.XXX.XX, GSS-API error strings are:
Oct 14 14:00:28 kdcservername.fqdn.edu kadmind[18419](Notice):      
Unspecified GSS failure.  Minor code may provide more information
Oct 14 14:00:28 kdcservername.fqdn.edu kadmind[18419](Notice):      
Unspecified GSS failure.  Minor code may provide more information
Oct 14 14:00:28 kdcservername.fqdn.edu kadmind[18419](Notice):      
Database is locked or in use--try again later
Oct 14 14:00:28 kdcservername.fqdn.edu kadmind[18419](Notice):      
Database is locked or in use--try again later
Oct 14 14:00:28 kdcservername.fqdn.edu kadmind[18419](Notice):    GSS- 
API error strings complete.
Oct 14 14:00:28 kdcservername.fqdn.edu kadmind[18419](Notice):    GSS- 
API error strings complete.


(IP address removed was for an application server where our user  
management perl tools are running.)

More information about the Kerberos mailing list