KDC HA Failure with krb5-1.9.1 and pam-krb5 4.4
Tom Parker
tparker at cbnco.com
Sat Nov 19 23:09:34 EST 2011
Hi Nalin

Thanks for your answer. One thing I don't understand. Is this fixed in
1.9.2 or will it be in 1.10.x?

For now I will hold off migrating my clients from 1.8.3.

Tom Parker
On 11/18/2011 06:32 PM, Nalin Dahyabhai wrote:
> On Fri, Nov 18, 2011 at 05:41:44PM -0500, Tom Parker wrote:
>> Thanks for your quick reply. I have attached my results below. When
>> one of my KDCs is down the client kinit fails with: kinit:
>> sendto_kdc.c:617: cm_get_ssflags: Assertion `i< selstate->nfds' failed.
> That looks like a bug that we ran into when the send-to-kdc code was
> reworked to use poll() (RT#6905) and we pulled it from trunk to add to
> our 1.9 and 1.9.1 binary packages. The fix was RT#6951. We ran into
> another case, too, but by then that part of the library had been
> reworked again so that trunk didn't need the fix, so I didn't open a
> ticket for it. I'll append the patch for it below.
>
> HTH,
>
> Nalin
>
> If we exit the transmit loop cleanly, don't overestimate the size of the
> connections array. This bug appears to have been removed upstream when
> this function was rewritten in trunk, and the select()-based implementation
> is still what's in 1.9, so this patch has nowhere to go.
> --- krb5-1.9.1/src/lib/krb5/os/sendto_kdc.c 2011-09-28 14:54:20.560811664 -0400
> +++ krb5-1.9.1/src/lib/krb5/os/sendto_kdc.c 2011-09-28 14:54:11.396812292 -0400
> @@ -1317,7 +1319,10 @@ krb5int_sendto (krb5_context context, co
> call with the last one from the above loop, if the loop
> actually calls select. */
> sel_state->end_time.tv_sec += delay_this_pass;
> - e = service_fds(context, sel_state, conns, host+1,&winning_conn,
> + i = host+1;
> + if (i> n_conns)
> + i = n_conns;
> + e = service_fds(context, sel_state, conns, i,&winning_conn,
> sel_state+1, msg_handler, msg_handler_data);
> if (e)
> break;
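
Review bot: The added clamp (`i = host+1;` followed by `if (i> n_conns) i = n_conns;`) has no comment explaining when `host+1` can exceed `n_conns`, and the existing comment just above it still reads "call with the last one from the above loop", which no longer describes what is passed to `service_fds`. A short comment at the clamp stating that the count is capped at the size of `conns` for the case where the transmit loop exits cleanly (as the patch description says) would keep the bounds fix from being removed as redundant later. The hunk also reuses `i` as scratch; whether `i` is live elsewhere in `krb5int_sendto` is not visible in these lines, so a dedicated local for the count would be the safer choice.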