eichin-krb
Wed, 27 Mar 2002 13:54:35 -0800
Just some comments: 1) The times I've heard about this (or forced it, back when I worked at Cygnus and was debugging this sort of thing) did in involve "structured" names. (I'm not suggesting that one not *use* structured usernames, it's kind of sad that it matters -- but just to note that such names have been more likely to trigger hash bugs in the past. Yet another reason to use btree instead.)
2) The missing principals make sense -- the failures that led to chain corruption always lost the entry that was being stored (at least one of the failure modes that we fixed back then.) However, recreating those will *not* help -- those specific names are likely to be "off then end" of some hash chain, and recreating them is more likely to introduce *more* corruption. I'd take a look at the recent perl KDB code that went by, and try using that to just pull out records and put them into a new database. If you have a complete list of principals to work with, that's easier. If you only have a partial list, I'd suggest the approach of using each principal as a starting point and then scanning -- ie. for every one that you haven't seen before, try chaining/nexting off of it to see if you've hit a different section of the db... ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos