Principal DB Size

Brian Sathianathan brianslist at apple.com
Thu Jun 17 20:26:29 EDT 2004 

I tried pointing the kerberos database to a different  db ( Berkely Db 
4.2) during the ./configure stage didn't help I still hit that limit.  
I also went through the database related source code functions  
(krb5_db2_db_put_principal.krb5_db2_db_get_principal )  looking for 
some integer that might overflow( because 4.2G sounded like an integer 
limit) didn't find any type limitation there . The type limitations 
that you mentioned are they in the database code or the interface code 
, if they are in the database code it self , Can you give me some 
functions or module names you suspect the limitation might be in

Thanks

Brian

On Monday, June 14, 2004, at 05:43  PM, Ken Raeburn wrote:

> On Jun 14, 2004, at 18:11, Brian Sathianathan wrote:
>> I am doing some testing with adding a  few million user entries in 
>> the KDC principal database , I did use kadmin.local to input data 
>> into the database . The problem I have now is , when the principal DB 
>> reaches the size of 4294967296 bytes it gets corrupted , The 
>> questions are
>
> Uh oh.  Exceeding 4G on a 32-bit system may not be handled well in the 
> current DB code, from the sounds of it.  (For that matter, even if 
> it's a 64-bit system, there may be enough 32-bit types used that it 
> can't do bigger files.)  I'm disappointed that the code didn't detect 
> the error, but I can't claim to be terribly surprised.
>
> Even if we don't fix the code to support large files, we should 
> probably try to make it detect the problem and try to restore the old 
> database state.  I'm not sure how tough that will be.
>
>> 1. How do you recover such a corrupted database (I tried kdb5_util 
>> did'nt help)
>
> We don't currently have any program to grovel over the database and 
> pull out the non-corrupted entries.  Without knowing specifics of the 
> corruption itself, that's probably the best that could be done -- pull 
> out what data is still available, try to put it back into a new 
> database, and try not to trip the same bug again (i.e., don't add 
> anything new).  But it'd require going over the low-level details of 
> the database format and figuring out what to look for in the raw 
> database file.
>
>> 2. Is there any limit on the no of users you can add or the size of 
>> the principal DB
>
> Apparently. :-(
>
> Ken
>

More information about the krbdev mailing list