[36062] in Kerberos
krb5kdc pausing while kdb5_util dumps database
daemon@ATHENA.MIT.EDU (Kenneth MacDonald)
Fri Apr 25 05:39:24 2014
From: Kenneth MacDonald <Kenneth.MacDonald@ed.ac.uk>
To: kerberos@mit.edu
Date: Fri, 25 Apr 2014 10:39:07 +0100
Message-ID: <1398418747.5790.399.camel@ion.is.ed.ac.uk>
Mime-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
We have a (large?) principal database that takes forty seconds to dump
with kdb5_util. While this is going on krb5kdc stops responding to
authentication and ticket requests. It happily continues once the dump
is complete.
We are running MIT krb5 1.12.1 on Scientific Linux 6.
Incremental propagation is turned on, account lockout policy is in
place, and last successful authentication is not written.
We see the same pause whenever a full resync is made, e.g. after a
policy change. This is not surprising as kadmind spawns a kdb5_util
dump for this.
Is this behaviour of krb5kdc to be expected or might we have something
incorrect in our configuration?
Cheers,
Kenny.
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
