[EMAIL PROTECTED] (Ken Raeburn) wrote in news:[EMAIL PROTECTED]:

>> I don't get to do ANY rewrites on the main application as it is a
>> commercial app (iPlanet Directory server).... all I get to do is write
>> a plugin (.so) which the main application loads and runs.
>
> Sure. I meant development time to help us make the krb5 library more
> thread-safe. (Still working on the assumption that that's the source
> of the problems.)

Me - not a chance, I write C like a monkey paints portraits. I program in
many languages, but avoid C at all costs. It normally takes me 10-50 times
as long to write stuff in C as it does in any other language...

> Otherwise, your best bet may be to fork off one or more slave
> processes you can pass name/password strings to and get back
> success/failure indications. If you can keep it localized within the
> Kerberos parts of the plugin, you should be able to switch back to the
> one-process form without too much pain later on when the thread safety
> issues have been dealt with. I think you indicated that you were
> doing this earlier:

Looking at doing that... but in C, I might as well be a monkey waiting to
paint the Mona Lisa.

>> Don't know for sure yet... but that latency between calls seems to be
>> the issue - but only on this 1 call at a time application. The multi
>> threaded apps that fork out multiple kerberos 5 auths work fine.
>
> Just to be crystal clear -- this was using fork() to create new
> processes with separate address spaces to do the Kerberos work, and
> not a casual reference to splitting the control flow by creating more
> threads, right? That's certainly the easy way to sidestep the thread
> safety problems. And if you're using slave processes that stick
> around and process lots of requests, even better, overall it'll save
> on fork and process startup costs.

It was actually an application which I ran hundreds of times - showed up
100s of times in a ps list etc. Problem is converting this plugin to fork
new processes each time is a little beyond me at this point.

But at least we have worked out the problem.... would specifying the
machines as IP addresses in the krb5.conf file help at all?

--
---
/* Christopher Burke - Spam Mail to [EMAIL PROTECTED]
|* www.craznar.com -
\* Real mail to cburke(at)craznar(dot)com
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos
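
The slave-process approach Ken Raeburn describes in the message above, as an added example that is not code from the thread or from MIT Kerberos: one long-lived forked worker receives name/password requests over a socketpair and answers success or failure, so the thread-unsafe library only ever runs in a single-threaded process. `check_password`, `worker_start`, `worker_auth` and the one-byte-length wire format are hypothetical; the stub marks where the real libkrb5 call would go, and `worker_start` is assumed to run at plugin initialization, before the server's threads start calling in.

```c
#include <errno.h>
#include <signal.h>     /* kill(): caller can terminate a stuck worker */
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>   /* waitpid(): caller reaps the worker at shutdown */
#include <unistd.h>
/* Hypothetical stand-in for the libkrb5 password check; constructed account. */
static int check_password(const char *user, const char *pw) {
    return strcmp(user, "alice") == 0 && strcmp(pw, "correct horse") == 0;
}
/* Move exactly n bytes; 0 on success, -1 on EOF/error (never raises SIGPIPE). */
static int xfer(int fd, void *buf, size_t n, int sending) {
    for (char *p = buf; n > 0; ) {
        ssize_t r = sending ? send(fd, p, n, MSG_NOSIGNAL) : recv(fd, p, n, 0);
        if (r < 0 && errno == EINTR) continue;
        if (r <= 0) return -1;
        p += r; n -= (size_t)r;
    }
    return 0;
}
/* Child: serve [ulen][plen][user][password] requests until the parent's end closes. */
static void worker_loop(int fd) {
    unsigned char len[2], ok;
    char user[256], pw[256];        /* lengths are one byte each, so max 255 */
    while (!xfer(fd, len, 2, 0) && !xfer(fd, user, len[0], 0) &&
           !xfer(fd, pw, len[1], 0)) {
        user[len[0]] = pw[len[1]] = '\0';
        ok = (unsigned char)check_password(user, pw);
        if (xfer(fd, &ok, 1, 1)) break;
    }
    _exit(0);
}
/* Fork the long-lived worker; returns the parent's socket, or -1 on failure. */
int worker_start(pid_t *pid) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    if ((*pid = fork()) == 0) { close(sv[0]); worker_loop(sv[1]); }
    close(sv[1]);
    if (*pid < 0) { close(sv[0]); return -1; }
    return sv[0];
}
/* 1 = accepted, 0 = rejected, -1 = worker unavailable or input too long. */
int worker_auth(int fd, const char *user, const char *pw) {
    size_t ul = strlen(user), pl = strlen(pw);
    unsigned char ok, len[2] = { (unsigned char)ul, (unsigned char)pl };
    if (ul > 255 || pl > 255 || xfer(fd, len, 2, 1) ||
        xfer(fd, (void *)user, ul, 1) || xfer(fd, (void *)pw, pl, 1) ||
        xfer(fd, &ok, 1, 0)) return -1;
    return ok == 1;
}
```

Callers in a multithreaded server should hold a mutex around `worker_auth` (or keep one worker per thread) and treat `-1` as an authentication failure.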
