Bug#434864: heimdal-kdc: iprop failure leads to overflowing log partition

Fri, 27 Jul 2007 03:43:11 -0700 

Package: heimdal-kdc
Version: 0.7.2.dfsg.1-10
Severity: important



-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.27-xenu
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages heimdal-kdc depends on:
ii  debconf [debconf-2.0]    1.5.11          Debian configuration management sy
ii  heimdal-clients          0.7.2.dfsg.1-10 Clients for Heimdal Kerberos
ii  krb5-config              1.16            Configuration files for Kerberos V
ii  libasn1-6-heimdal        0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos
ii  libc6                    2.3.6.ds1-13    GNU C Library: Shared libraries
ii  libdb4.2                 4.2.52+dfsg-2   Berkeley v4.2 Database Libraries [
ii  libhdb7-heimdal          0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos
ii  libkadm5srv7-heimdal     0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos
ii  libkrb5-17-heimdal       0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos
ii  libldap2                 2.1.30-13.3     OpenLDAP libraries
ii  libroken16-heimdal       0.7.2.dfsg.1-10 Libraries for Heimdal Kerberos
ii  libssl0.9.8              0.9.8c-4        SSL shared libraries
ii  logrotate                3.7.1-3         Log rotation utility
ii  netbase                  4.29            Basic TCP/IP networking system

heimdal-kdc recommends no packages.

-- debconf information:
* heimdal-kdc/password: (password omitted)
* heimdal/realm: MCC.AC.GB

My system has a master server and two slaves, which we attempt to
keep in sync using iprop.  The problem is caused because iprop attempts
to resend the same entry many thousands of times; this causes both
/var/log/auth.log and /var/lib/heimdal-kdc/log to grow on the slave
servers, and these quickly fill up over 3gb of log space in a day.
The messages in auth.log read:

     ipropd-slave[8760]: kadm5_log_replay: 2469: Entry already exists in 
database

These repeat and repeat the same errors, often creating over 100,000
error messages in two hours.

I've reported this on the heimdal-discuss mailing list, and tried
the advice I received there: to stop the servers, truncate the logs
using the undocumented truncate_log command (or also simply zeroing
them), recopy the database manually or using hprop, and restarting.
This did not help.  More recently I tried dumping the master data
base (using kadmin dump) then reloading.  This did not appear to
work at first, but my second attempt has produced about half an hour
without a single error.

     -- Dr A O V Le Blanc
     University of Manchester


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to