Hi,
at RZG, there is a strange behaviour of klog. Whenever one of the afs db-servers is down, you have to wait a full timeout before you got a token. This shouldn't happen, because klog chooses one server at random, so in my case (3 servers), 66% should not timeout. In fact, 100% wait for a timeout.
Here the version-details : Distribution: SLES9 klog from openafs 1.3.80 (doesn't really matter) kaserver : heimdal 0.6.3 - kdc
The problem is, that heimdal 0.6.3 does not support the rx-call KAA_AuthenticateV2, but only KAA_Authenticate. "klog", however tries first KAA_AuthenticateV2 on all known servers (in random order), then switches back to KAA_Authenticate.
Thus, you always have to wait one timeout.
Looking at the source, the solution turned out to be trivial :
KAA_Authenticate is exactly KAA_AuthenticateV2 except the op-field in the header is different.
The easiest solution is then to patch heimdal to treat KAA_AuthenticateV2 in the same way as
KA_Authenticate:
[EMAIL PROTECTED]:src>diff -u heimdal-0.6.3/kdc/kaserver.c heimdal-0.6.3/kdc/kaserver.c.
--- heimdal-0.6.3/kdc/kaserver.c 2003-10-06 23:02:35.324554230 +0200
+++ heimdal-0.6.3/kdc/kaserver.c. 2005-04-14 17:47:40.415265408 +0200
@@ -828,6 +828,8 @@
case GETPASSWORD :
case GETRANDOMKEY :
case AUTHENTICATE_V2 :
+ do_authenticate(&hdr, sp, addr, reply);
+ break;
default :
make_error_reply (&hdr, RXGEN_OPCODE, reply);
break;
(Hopefully a heimdal-developer reads this, otherwise I can report it there as well)
The question is, why are there two versions of KAA_Authenticate ?
I look in our afs-src trees revealed this situation hasn't changed since 1998 (afs 3.4)
Shouldn't we just dump KAA_AuthenticateV2 altogether, or is it used somewhere else ?
I don't have a clue what's going on with the krb5-integration, so I don't know how much work I/we should put into fixing this stuff.
Christof
-- There is always an easy solution to every human problem -- neat, plausible and wrong. H. L. Mencken ----------------------------------------------------------------- Christof Hanke e-mail [EMAIL PROTECTED] RZG (Rechenzentrum Garching) phone +49-89-3299-1788 Computing Center of the Max-Planck-Gesellschaft (MPG) and the Institut f�r Plasmaphysik (IPP)
_______________________________________________ OpenAFS-devel mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-devel
