Kerberos 1.9.1 locking issues
Dave Steiner
steiner.dave at gmail.com
Wed Jun 29 17:39:28 EDT 2011
On Jun 23, 12:22 am, Greg Hudson <ghud... at MIT.EDU> wrote:
> On Wed, 2011-06-22 at 15:09 -0400, Dave Steiner wrote:
> > Is anyone else seeing these kinds of issues? Are there any
> > recommended ways to fix or help with this?
>
> The database locking discipline is hardcoded and not configurable, but
> if you're able to recompile the code, simply bumping MAX_LOCK_TRIES in
> plugins/kdb/db2/kdb_db2.c to a larger value (from 5 to 15, say) might
> help.
>
> Without further analysis, I'm not sure whether your problem owes to
> changes in 1.9.1 and how much it's just due to increasing load. Changes
> to principals by kadmind requires an exclusive lock on the database, and
> trying five times at 1-second intervals could certainly fail if the KDC
> happened to have the database open for reading at five particular times.
>
> (It would be much more robust if we could get a blocking lock with a
> timeout. Unfortunately, I'm not aware of any good way to do that
> without using alarm signals, which isn't especially nice to do inside a
> library.)
Ok, so I've increased the MAX_LOCK_TRIES to 15 and so far that seems
to have stop this problem except during propagation. I'm still using
the old "dump the data and propagate" method. I assume that if I move
to iprop that this will help with this.
thanks,
ds
More information about the Kerberos
mailing list