kadmin incremental propagation full resync multiple processes spawned

Paul B. Henson henson at acm.org
Fri Nov 4 19:34:29 EDT 2011


On 11/4/2011 4:10 PM, Tom Yu wrote:

> What I was alluding to was operations like the F_SETLKW (as opposed to
> F_SETLK) command of POSIX fcntl(), which will block on acquiring the
> lock.  It has a drawback of lacking timeout capability, so callers
> would have to arrange for a timeout by using alarm() or something.
> This isn't really viable in a multithreaded process, or in a library

Ah, ok, forgot about blocking fcntl :), it's been a while since I've 
worked with file locking code. Yah, I've run into issues in the past 
where I've had an alarm set and something else stomped over it :(. 
Theoretically I suppose you could try to save the existing SIGALRM 
handler and remaining time on the current alarm, but that doesn't seem 
very reliable and rather messy.

Also, the success of a blocking lock implementation would depend on 
whether or not the underlying OS implemented fair lock scheduling. I 
think Solaris does, but I don't know that Linux (our current OS for 
kerberos servers) does.

> The kprop process is probably also fighting with the main KDC process
> in acquiring the lock, so if you have a heavy authentication load
> going on at the same time, the problem could get worse.

The batch jobs run at 3:30am, so not too much authentication load :).


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  henson at csupomona.edu
California State Polytechnic University  |  Pomona CA 91768



More information about the Kerberos mailing list