krb5kdc pausing while kdb5_util dumps database
Kenneth MacDonald
Kenneth.MacDonald at ed.ac.uk
Fri Apr 25 05:39:07 EDT 2014
We have a (large?) principal database that takes forty seconds to dump
with kdb5_util. While this is going on krb5kdc stops responding to
authentication and ticket requests. It happily continues once the dump
is complete.
We are running MIT krb5 1.12.1 on Scientific Linux 6.
Incremental propagation is turned on, account lockout policy is in
place, and last successful authentication is not written.
We see the same pause whenever a full resync is made, e.g. after a
policy change. This is not surprising as kadmind spawns a kdb5_util
dump for this.
Is this behaviour of krb5kdc to be expected or might we have something
incorrect in our configuration?
Cheers,
Kenny.
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the Kerberos
mailing list