[3637] in Kerberos
V4 corrupted KDC
daemon@ATHENA.MIT.EDU (Alan Crosswell)
Tue Aug 2 14:46:43 1994
To: kerberos@MIT.EDU
Date: 2 Aug 1994 15:56:21 GMT
From: alan@manila.cc.columbia.edu (Alan Crosswell)
Has anyone seen the situation where the v4 KDC principal.pag/dir ndbm
database gets corrupted? It appears that a dbm_next gets a key with
null data and causes whatever invoved kdc_iterate (e.g. kdb_util dump)
to seg fault. Patching the code to ignore the bad record breaks too,
as it apparently inserts a cycle into the sequential list of keys
(probably the garbage or zero data sends dbm_next back to the
beginning....)
I also see a few instances in my admin_server.syslog where a child of
kadmind has seg faulted. Don't have a core dump but hope to have one
next time it happens (ulimit increased for core files and kadmind set
to exit on untimely child death instead of just happily continuing with
a now possibly corrupted KDC).
My KDC has about 108,000 principals in it.
I have a short utility now that copies one (broken) KDC ndbm file to
another (not so broken), given a list of principal name/inst pairs on stdin,
said list coming from the backup KDC and list of changes from
admin_server.syslogs. Seems ndbm can still go direct to all the records
but the bad one without breaking and I didn't want to lose a day's worth
of password changes and adds if at all possible.
/a
