Here is my setup as of now. I have a single master KDC, and 9 slave KDC’s. I have incremental propagation set up at 2m interval, and it works quite well for a little while. At some indeterminate time, KDC’s start getting really far out of sync and I notice that kprop has died on these servers with a SIG ABRT. Any attempt to restart kprop does not start it. The only way I have seen to restart it is to remove principal.ulog file on that mdc and then restart. It then runs just fine.
Couple of thoughts / contemplative questions: - Could this potentially be FD related? I am not running out of FD’s at the time this happens though… - Could this be load related. I am required to run 'kdb5_util dump' every 10 mins to gather data that is then audited. There are about 80k + principals in my DB, but the process takes less than 20 seconds. During this time I wonder if the principal DB is getting locked, and if this is causing kprop/kadmin to get in a very funny state. Is this even a viable concern? Need some help on this before I am forced to go back to old propagation methods. William Clark ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
