On 11/3/2011 8:26 PM, Greg Hudson wrote: > Producing a good log message will take a bit of actual work, but fixing > the error handling is a trivial patch, which I've attached (not tested, > but it's very simple).
Cool, thanks, I'll recompile with this change. After some thought, I'm pretty confident that the underlying failure is due to locking contention, so a good log message would most likely only confirm that, and given there is no resolution for that yet, not be of much use. But this fix should keep multiple kadmin processes from contending against each other, and eventually the dump should succeed, which will fix my main problem. Looks like my bug report did go through, it was assigned #6998; if this will be the official fix for the problem, if you'd be so kind as to attach it to that bug report I could probably get my distribution to include the patch in their release version pending inclusion in an upstream release. > That's a good theory. I don't know if you've been involved in previous > discussions about our DB2 locking, but since POSIX doesn't provide a way > to acquire a file lock with a timeout, we just try once a second for > five seconds, which doesn't provide any kind of fairness guarantee, > unfortunately. I don't think I've ever discussed locking in the context of Kerberos, but having implemented similar mechanisms in other projects in the past I know exactly what you're talking about <sigh>. When I get time, I was going to look at the LDAP backend. kadmind is about the last single point of failure in our identity management infrastructure (we currently have a single openldap master, but should be converted to mirror mode multimaster by the end of the year). Is it possible with the LDAP backend to have multiple active kadmin servers for fault tolerance? If the client doesn't know how to try and talk to multiple ones in case of failure, would it work to have multiple kadmin servers behind a hardware load balancer? Thanks much... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | [email protected] California State Polytechnic University | Pomona CA 91768 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
