KDC and full disk problem

[Ken Hornstein]

>We noticed a problem recently which seems quite severe. Basically what
>happened was that the free disk space on our KDC filled up (with log
>files etc.) to 100%. However, the KDC continued to respond to incoming
>authentication requests and returned what we assume to be some kind of
>corrupted responses. This prevented logins on all of our 1000+ machines
>(including the KDC itself). To solve this problem when we first hit it
>meant disconnecting the KDC from the network so that authentication
>requests were forced to fallback to the slaves so that we could then
>login to find out what was going on and clear space on the KDC.

If it makes you feel any better, the exact same thing happened to us once
(but it only took once for us to fix it :-/ ).

Given the way things are currently ... there's not a wonderful
solution, considering that the code is buried deep within the Kerberos
library; that makes it hard to deal with it gracefully.  And let's face
it; a disk full situation is going to be hard to handle well.

Maybe there's a simpler solution ... like putting your log files on a
seperate partition?

--Ken