Functional test of KDC for monitoring?

Nico Williams nico at cryptonector.com
Wed Feb 13 11:21:49 EST 2013


On Wed, Feb 13, 2013 at 6:12 AM, John Devitofranceschi
<jdvf at optonline.net> wrote:
> One thing that we do is monitor propagation.  Something like:
>
> lpc=get_last_princ_changed;
>
> master_lpc_kvno=get_kvno(master_kdc, lpc);
>
> init_error_state;
> foreach kdc (@slave_kdc_list) ; do
>         slave_lpc_kvno= get_kvno(kdc, lpc);
>         if (master_lpc_kvno != slave_lpc_kvno)
>         then
>                 set_error_state;
>         fi
> done
>
> report_error_state;

Note that this will fail to detect failures to iprop other principals.

Ideally there'd be a cheap, constant-time way to compare DBs.  Something
like having a Merkle hash tree so we need only compare root hashes.
But changing the KDB to have such a form is involved, and it implies
some additional trade-offs (e.g., can't possibly have higher write
concurrency without at least serializing the last part of each
commit).

> The challenge that I see is getting the last princ changed. You can scrape the logs or run the monitor on the master and use kproplog.

Yup!

> What would be nice is if kadmin had client-visible requests that gave you visibility into iprop status.

Interesting idea.  Basically an RPC for getting the ulog.  In fact,
the kadmin server has this -- it's the kadmin client that lacks a UI
to it.

Also, we really should want to keep complete ulogs on the slaves as
well so we can inspect them and see if any changes were missed.  Among
other things it would make it easier to write thorough tests!

Nico
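An added example, not from this thread, showing the gap Nico points out: the quoted last-principal-changed check beside a full per-principal comparison and a single-digest comparison of whole DBs. The getprinc sample, KDC names and kvno values are constructed, and parse_getprinc assumes MIT kadmin's "Principal:" and "Key: vno N" output lines.

```python
import hashlib
import re

# Constructed sample in the style of MIT `kadmin -q "getprinc bob"` output (not real KDC data).
SAMPLE_GETPRINC = """\
Principal: bob@EXAMPLE.COM
Number of keys: 2
Key: vno 5, aes256-cts-hmac-sha1-96
Key: vno 5, aes128-cts-hmac-sha1-96
MKey: vno 1
"""

def parse_getprinc(text):
    """Return (principal, kvno); kvno is the highest 'Key: vno N' line, MKey lines are ignored."""
    princ = re.search(r"^Principal:\s*(\S+)", text, re.M)
    vnos = [int(v) for v in re.findall(r"^Key: vno (\d+)", text, re.M)]
    if not princ or not vnos:
        raise ValueError("no Principal/Key lines found")
    return princ.group(1), max(vnos)

def lpc_check(master, slaves, lpc):
    """The quoted check: flag slaves whose kvno for the last-changed principal differs from master's."""
    return [kdc for kdc, db in slaves.items() if db.get(lpc) != master[lpc]]

def find_lagging(master, slaves):
    """Full check over every principal; returns [(kdc, princ, master_kvno, slave_kvno_or_None)]."""
    problems = []
    for kdc, db in slaves.items():          # slaves: {kdc: {princ: kvno}}
        for princ, mkvno in master.items():  # master: {princ: kvno}
            if db.get(princ) != mkvno:
                problems.append((kdc, princ, mkvno, db.get(princ)))
    return problems

def db_digest(db):
    """One digest over the sorted (princ, kvno) set so two KDCs compare by a single hash;
    a flat stand-in for the Merkle-root idea (a real tree would also localize the divergence)."""
    h = hashlib.sha256()
    for princ, kvno in sorted(db.items()):
        h.update(f"{princ}\0{kvno}\n".encode())
    return h.hexdigest()

# Constructed KDC states: alice was the last principal changed; kdc2 got that update
# but missed bob's, which the lpc-only check cannot see.
MASTER = {"alice@EXAMPLE.COM": 3, "bob@EXAMPLE.COM": 5, "host/a.example.com@EXAMPLE.COM": 2}
SLAVES = {
    "kdc1": dict(MASTER),
    "kdc2": {"alice@EXAMPLE.COM": 3, "bob@EXAMPLE.COM": 4, "host/a.example.com@EXAMPLE.COM": 2},
}
LAST_PRINC_CHANGED = "alice@EXAMPLE.COM"
```

With these states, lpc_check reports nothing while find_lagging and db_digest both expose kdc2's stale copy of bob.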