Your message dated Tue, 29 Nov 2011 19:48:06 -0500 (EST)
with message-id <[email protected]>
and subject line start order fixed
has caused the Debian Bug report #603822,
regarding krb5-kdc-ldap: Catch 22 regarding start-up order.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
603822: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=603822
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: krb5-kdc-ldap
Version: 1.6.dfsg.4~beta1-5
Severity: important


After restarting krb524d opens 5 connections to ldap on my system. Some minutes later, i.e. now, it has already 56 connections - all from the same PID. Since the KDC is not productive yet, I'm not aware of any requests handled in the meantime. Once it reaches the limit of its OpenVZ container it uses 100% CPU. From the outside the KDC remains responsive (now it's 70 connections!). I only noticed the issue, because of the high CPU load and then because of user_bean hits. Increment is in lots of 5 connections.

Apart from a single UDP connection to 4444 it does not entertain any other connections according to lsof -i.

... now it's 115 connections ... lsof -i reports:

krb524d 687 root 4u IPv4 155440 TCP hel.mgr:47962->hel.mgr:ldaps (ESTABLISHED)
krb524d 687 root 7u IPv4 155445 TCP hel.mgr:47963->hel.mgr:ldaps (ESTABLISHED)
krb524d 687 root 8u IPv4 155450 TCP hel.mgr:47964->hel.mgr:ldaps (ESTABLISHED)
krb524d 687 root 9u IPv4 155455 TCP hel.mgr:47965->hel.mgr:ldaps (ESTABLISHED)
...
krb524d 687 root 139u IPv4 158877 TCP hel.mgr:40286->hel.mgr:ldaps (ESTABLISHED)
krb524d 687 root 140u IPv4 158882 TCP hel.mgr:40287->hel.mgr:ldaps (ESTABLISHED)
krb524d 687 root 141u IPv4 158887 TCP hel.mgr:40288->hel.mgr:ldaps (ESTABLISHED)
krb524d 687 root 142u IPv4 158892 TCP hel.mgr:40289->hel.mgr:ldaps (ESTABLISHED)

Another observation is that the KDC does not start automatically on boot. It could be a simple misconfiguration (setting enable somewhere), but maybe it's another piece of evidence. Starting manually using /etc/init.d/krb5-kdc start works flawlessly. Doing a restart kills all the bogus connections and starts the game from the beginning.

All my test Tickets are obtained correctly. From the outside the KDC appears completely sane.

-- System Information:
Debian Release: 5.0
 APT prefers testing
 APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-1-openvz-amd64 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages krb5-kdc-ldap depends on:
ii  krb5-kdc              1.6.dfsg.4~beta1-5 MIT Kerberos key server (KDC)
ii  libc6                 2.7-16             GNU C Library: Shared libraries
ii  libcomerr2            1.41.3-1           common error description library
ii  libkadm55             1.6.dfsg.4~beta1-5 MIT Kerberos administration runtim
ii  libkeyutils1          1.2-9              Linux Key Management Utilities (li
ii  libkrb53              1.6.dfsg.4~beta1-5 MIT Kerberos runtime libraries
ii  libldap-2.4-2         2.4.11-1           OpenLDAP libraries

krb5-kdc-ldap recommends no packages.

krb5-kdc-ldap suggests no packages.

-- no debconf information




--- End Message ---
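
The connection growth described in the report above can be tracked by comparing two `lsof -i` snapshots per process. This is an added example, not part of the original report or of the krb5 package; the sample lines are constructed in the format quoted in the report, and the function names, the `slapd` line and the `limit` threshold are assumptions.

```python
from collections import Counter

# Constructed sample input in the format of the `lsof -i` lines in the report.
SNAPSHOT_1 = """\
krb524d 687 root 4u IPv4 155440 TCP hel.mgr:47962->hel.mgr:ldaps (ESTABLISHED)
krb524d 687 root 7u IPv4 155445 TCP hel.mgr:47963->hel.mgr:ldaps (ESTABLISHED)
slapd 512 openldap 8u IPv4 150001 TCP *:ldaps (LISTEN)
"""
# A later snapshot (constructed): the same sockets plus three new ones.
SNAPSHOT_2 = SNAPSHOT_1 + """\
krb524d 687 root 8u IPv4 155450 TCP hel.mgr:47964->hel.mgr:ldaps (ESTABLISHED)
krb524d 687 root 9u IPv4 155455 TCP hel.mgr:47965->hel.mgr:ldaps (ESTABLISHED)
krb524d 687 root 10u IPv4 155460 TCP hel.mgr:47966->hel.mgr:ldaps (ESTABLISHED)
"""


def count_established(lsof_text):
    """Count ESTABLISHED TCP connections per (command, pid, remote endpoint)."""
    counts = Counter()
    for line in lsof_text.splitlines():
        fields = line.split()
        # Parse from the right so an optional SIZE/OFF column does not matter.
        if len(fields) < 8 or fields[-1] != "(ESTABLISHED)":
            continue
        if "->" not in fields[-2]:
            continue
        remote = fields[-2].split("->", 1)[1]
        counts[(fields[0], fields[1], remote)] += 1
    return counts


def leaking(before, after, limit=4):
    """Return {key: (old, new)} for keys that grew and now exceed `limit`.

    `limit` is an assumed threshold; pick one that fits the service.
    """
    return {key: (before.get(key, 0), new)
            for key, new in after.items()
            if new > before.get(key, 0) and new > limit}


if __name__ == "__main__":
    first = count_established(SNAPSHOT_1)
    second = count_established(SNAPSHOT_2)
    for (cmd, pid, remote), (old, new) in leaking(first, second).items():
        print(f"{cmd} pid {pid}: {old} -> {new} connections to {remote}")
```
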
--- Begin Message ---
tags 603822 sid
thanks

Hi. It turns out that this was a duplicate of another bug. Squeeze
should correctly start ldap before krb5-kdc if the krb5-kdc-ldap
plugin is installed.


--- End Message ---
