[EMAIL PROTECTED] (Ken Raeburn) wrote in [EMAIL PROTECTED]:">news:[EMAIL PROTECTED]:
> You don't say just what routine is failing, but that error is only > returned from the code for finding the KDC IP addresses. You could > add some debugging-printf code to locate_kdc.c at various points to > see where it might be failing. Also check the realm name that is > supplied -- if that's not right, locate_kdc has no prayer of working. Occurs in krb5_get_in_tkt_with_password, works find for 1000s and 1000s of attempts.... but starts failing when there is a high volume of requests. > You mention using one thread at a time -- is the application doing DNS > stuff (explicitly or via gethostby*) in other threads at the same time > as Kerberos authentication is being attempted? That might confuse > things. In the 1.3 release I'm switching some things over to use > getaddrinfo, which should be thread-safe on many platforms; that might > help. Its a multi-threaded app, with one funnel for kerberos auth - and a mutex around all the kerberos stuff. > If by "high load" you mean "many more threads running", there's a good > chance it's related to the lack of thread safety not just in the MIT > krb5 library, but in some of the C library functions it calls. No by high load I mean very little time between one set of kerberos calls (an entire authentication) and the next set. There is only one auth going on at any given time in this app (which is iPlanet Directory server by the way). -- --- /* Christopher Burke - Spam Mail to [EMAIL PROTECTED] |* www.craznar.com - \* Real mail to cburke(at)craznar(dot)com ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] http://mailman.mit.edu/mailman/listinfo/kerberos
