On Thu, Jun 10, 2010 at 04:49:23PM -0400, Richard Silverman wrote:
> On Thu, 10 Jun 2010, Tom Yu wrote:
>
> > "Richard E. Silverman" <[email protected]> writes:
> >
> >> In 1.8.1, there is the following code in src/lib/krb5/os/dnsglue.c:
> >>
> >> krb5int_dns_init(struct krb5int_dns_state **dsp,
> >>                  char *host, int nclass, int ntype)
> >> {
> >> ...
> >>     nextincr = 2048;
> >>     maxincr = INT_MAX;
> >> ...
> >>
> >> One day, due to an error, the number of KDC SRV records for one of our
> >> realms doubled from 27 to 54... and KDC lookups via DNS promptly broke. I
> >> bumped up the nextincr value above, and it started working again.
> >> Probably not the right fix, but just letting you know that there's a bug
> >> here.
> >
> > What platform/OS is this on? A "too-large" response should result in
> > res_nsearch() returning the actual size. If it's returning -1
> > instead, I can see it causing trouble. Are you willing to run stuff
> > under a debugger to see what res_nsearch() actually returns there?
>
> Sure; I'll do that as soon as I get a chance. Thanks.

Since you're using Solaris, look at using truss to see return codes of
user space functions and syscalls. I've included a script which I call
truss_krb (which you may want to edit) to make this easier. For
debugging MIT binaries I do something like:

    truss_krb -mit -o /tmp/krb-truss.out /usr/local/bin/kinit

For Solaris krb stuff I do:

    truss_krb -o /tmp/krb-truss.out /usr/bin/kinit

etc...

-- 
Will Fiveash
Oracle
Note my new work e-mail address: [email protected]
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet text based e-mail app: http://www.mutt.org/

#!/bin/ksh -p

# Default: Solaris libs
libs='libdb2,db2,libkadm5clnt,libkadm5srv,libkdb5,libkdb,libgss,mech_krb5'
libs=$libs',libnsl'
# LDAP plugin
libs=$libs',libldap,kldap,libkdb_ldap'
# NSS/SSL/SASL for ldap binds
libs=$libs',libnspr4,libnss3,libsoftokn3,libsasl,libsecdb'
# PKINIT
libs=$libs',pkinit'
# crypto, note libcrypto is openssl
libs=$libs',libpkcs11,pkcs11_kernel,libcryptoutil,libcrypto'
# main binary
libs=$libs',a.out'

me=${0##*/}

if [[ $# -lt 2 || $1 == -[h?] ]]
then
    cat >&2 <<-EOF
Usage: $me [-mit] [truss flags] <command or -p PID>
-mit: does a truss on MIT krb libs
By default does:
truss -fea -t 'access,stat,open' -u ${libs}:: "\$@"
for Solaris gss/krb/pkcs11 libs.
EOF
    exit 1
fi

if [[ "$1" == '-mit' ]]
then
    # MIT libs
    libs='libdb2,db2,libkadm5clnt,libkadm5srv,libkdb5,libgssrpc,libgssapi_krb5'
    libs=$libs',libkrb5,libk5crypto,libkrb5support,a.out'
    #libs=$libs',kldap,libkdb_ldap,libldap,libnsl,libsasl'
    #libs="$libs,kldap,libkdb_ldap,libldap,libnsl,libsasl"
    #libs="$libs,a.out"
    #libs="libldap,libkdb5,kldap,libkdb_ldap,a.out"
    #libs="libkdb5,kldap,libkdb_ldap,a.out"
    shift
fi

# Trace the selected library entry points plus access/stat/open syscalls
exec /usr/bin/truss -fea -t 'access,stat,open' -u ${libs}:: "$@"

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
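
Added example, not part of the thread and not MIT's dnsglue.c: a C sketch of the grow-and-retry pattern that the quoted reply from Tom Yu relies on, run against two constructed resolver stubs, one that reports the needed size when the buffer is too small and one that returns -1 instead. The names query_fn, dns_query_grow and both stubs are hypothetical; only nextincr, maxincr and their values come from the quoted code.

```c
#include <limits.h>   /* INT_MAX, the maxincr value quoted in the thread */
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for res_nsearch(): fills buf and returns the answer
 * length, or -1 on failure. Not the real resolver API. */
typedef int (*query_fn)(unsigned char *buf, int buflen, void *ctx);

/* Constructed stub A: on a too-small buffer, returns the full answer size. */
int resolver_reports_size(unsigned char *buf, int buflen, void *ctx)
{
    int need = *(int *)ctx;
    memset(buf, 0, (size_t)(need < buflen ? need : buflen));
    return need;
}

/* Constructed stub B: on a too-small buffer, returns -1 with no size hint. */
int resolver_fails_when_small(unsigned char *buf, int buflen, void *ctx)
{
    int need = *(int *)ctx;
    if (need > buflen)
        return -1;
    memset(buf, 0, (size_t)need);
    return need;
}

/* Grow-and-retry query. Returns the answer length and sets *out to a
 * malloc'd buffer the caller frees, or returns -1 with *out == NULL. */
int dns_query_grow(query_fn q, void *ctx, int nextincr, int maxincr,
                   unsigned char **out)
{
    unsigned char *buf = NULL, *p;
    int len;

    *out = NULL;
    while (nextincr > 0 && nextincr <= maxincr) {
        p = realloc(buf, (size_t)nextincr);
        if (p == NULL)
            break;
        buf = p;
        len = q(buf, nextincr, ctx);
        if (len < 0)
            break;              /* no size hint: cannot know how far to grow */
        if (len <= nextincr) {
            *out = buf;
            return len;
        }
        nextincr = len;         /* truncated: retry with the reported size */
    }
    free(buf);
    return -1;
}
```

With stub B the loop has nothing to grow toward, so only a larger starting nextincr makes the lookup succeed; the return value is what a truss or debugger run on the real resolver would need to distinguish.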
