Kerberos 1.9.1 locking issues

Dave Steiner steiner.dave at gmail.com
Wed Jun 29 17:39:28 EDT 2011


On Jun 23, 12:22 am, Greg Hudson <ghud... at MIT.EDU> wrote:
> On Wed, 2011-06-22 at 15:09 -0400, Dave Steiner wrote:
> > Is anyone else seeing these kinds of issues?  Are there any
> > recommended ways to fix or help with this?
>
> The database locking discipline is hardcoded and not configurable, but
> if you're able to recompile the code, simply bumping MAX_LOCK_TRIES in
> plugins/kdb/db2/kdb_db2.c to a larger value (from 5 to 15, say) might
> help.
>
> Without further analysis, I'm not sure whether your problem owes to
> changes in 1.9.1 and how much it's just due to increasing load.  Changes
> to principals by kadmind requires an exclusive lock on the database, and
> trying five times at 1-second intervals could certainly fail if the KDC
> happened to have the database open for reading at five particular times.
>
> (It would be much more robust if we could get a blocking lock with a
> timeout.  Unfortunately, I'm not aware of any good way to do that
> without using alarm signals, which isn't especially nice to do inside a
> library.)

Ok, so I've increased the MAX_LOCK_TRIES to 15 and so far that seems
to have stop this problem except during propagation.  I'm still using
the old "dump the data and propagate" method.  I assume that if I move
to iprop that this will help with this.

thanks,
ds



More information about the Kerberos mailing list