Information on "Kadmin.local" database lock error
Abhilash S
abhilashvkm at gmail.com
Wed Aug 8 22:09:48 EDT 2012
Hello Tom,
Version and OS:
we have kerberos 1.9.2 version.
It is running under Linux (x86_64 GNU/Linux).
KDC Traffic :
we do have heavy kadmin traffic.
we used to get avg or 4-7 Authentication request per second
For updating kerberos database , we have a java code which forks
"kadmin.local" utility , and uses kdc commands to
create/modify/delete principals,
This doesn't happens regularly but we gets this error at least 10 to 15 per
month.
Principle file size will be around 1.3G.
KDC config :
[kdcdefaults]
kdc_ports = 4160
kdc_tcp_ports = 4160
kdc_max_tcp_connections = 150
[realms]
RelmName = {
database_name = principal
acl_file = kadm5.acl
key_stash_file = lnxp.stash
kadmind_port = 4170
master_key_type = des3-hmac-sha1
max_life = 0d 2h 0m 0s
max_renewable_life = 0d 10h 0m 0s
default_principal_flags = +preauth
}
Thanks,
Abhilash
On Wed, Aug 8, 2012 at 6:34 PM, Tom Yu <tlyu at mit.edu> wrote:
> Abhilash S <abhilashvkm at gmail.com> writes:
>
> > Hello,
> >
> > I need few information on the kadmin.local utility.
> >
> > In few occasions am getting error "Cannot lock database while modifying"
> > when trying to modify or change the password of a principal.
> > Is it due to lock on KDC principal db file, or in what situations this
> can
> > occur.
> >
> > I am seeing this occurring quite frequently, is there any patch or
> > workaround available to get rid of this error.
>
> It's not necessary to send your message several times to multiple
> mailing lists.
>
> Could you provide some additional details, such as what release of
> Kerberos you're running, what OS, how you have configured the KDC
> database, etc.? What is the rate at which the KDC is serving
> requests? Do you have heavy kadmin traffic? How often do you get the
> lock error?
>
--
Thanks & Regards,
Abhilash.S
More information about the Kerberos
mailing list