[3167] in Kerberos-V5-bugs
pending/796: NASA use of MIT Kerberos?
daemon@ATHENA.MIT.EDU (Baker, William)
Thu Dec 23 16:30:06 1999
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, "Baker, William" <william.baker@lmco.com>
Message-Id: <59D51330D936D2119F250000F8046412039F1390@EMSS02M17.ems.lmco.com>
Date: Thu, 23 Dec 1999 14:29:09 -0700
From: "Baker, William" <william.baker@lmco.com>
To: "'MIT Kerberos Bugs'" <krb5-bugs@MIT.EDU>
>Number: 796
>Category: pending
>Synopsis: NASA use of MIT Kerberos?
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: gnats-admin
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Dec 23 16:30:00 EST 1999
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Request for information...
1. We are using at NASA/JSC version 5, release 1.0 of Kerberos,
compiled for OSF Version 4.0D.
2. We were previously using a version of Kerberos sold by Digital
Equipment Corporation.
3. In using the new MIT version we have noticed some differences.
a. During build of the principal database, and extract
operations on the principal database, the krb5 KDC daemon disconnects from
the database.
b. During srvtab extraction from the database, the size of the
principal database grows, and seems to contain new information. This causes
old srvtab files to not be in synch with the principal database.
4. We are using kadmin.local now in place of the DEC kdb5_edit utility
for the build of the principal database, and the extraction of the srvtab
files.
5. We are using the "glob" function under kadmin.local to extract large
groups of principals for the srvtab files.
We would appreciate some insite into why the KDC daemon disconnects from the
principal database, and its impact on real-time kerberos database queries,
We would like to understand why the extraction process causes the principal
database to grow, and why it results in old srvtab files no longer being
usable. Any possible workarounds for the srvtab and KDC problems would be
appreciated. A general explanation of how these systems work together, with
respect to kadmin.local, and any specifics regarding the items 1-4 listed
above would be helpful.
Bill Baker
Email ID: Baker, William
SMTP: william.baker@lmco.com
Lockheed-Martin, CSOC Contract.
