Mailinglist Archive: opensuse (3513 mails)

< Previous Next >
[opensuse] Strange kerberos/sasl/xen interaction
  • From: Ralf Müller <ralf@xxxxxxxx>
  • Date: Fri, 9 Jan 2009 19:15:39 +0100
  • Message-id: <2EDDCD4D-1BF3-4FB2-93D1-C16BDF1FAC23@xxxxxxxx>
The day before I tried to fix a "Time went backwards" problem
on our xen domU's. I tried to set /sys/.../clocksource0/ current_clocksource
to "jiffies" instead of "xen" and hoped for the problem to vanish.
What I got was strange: after this modification our kerberos server
randomly decided to reject repeated authentication requests:

# testsaslauthd -u ralf -p <pwd> -R 10
0: OK "Success."
1: NO "authentication failed"
2: NO "authentication failed"
3: NO "authentication failed"
4: NO "authentication failed"
5: OK "Success."
6: NO "authentication failed"
7: NO "authentication failed"
8: NO "authentication failed"
9: NO "authentication failed"

the corresponding log in /var/log/messages:
Jan 9 18:56:21 krb5 saslauthd[3127]: auth_krb5: k5support_verify_tgt
Jan 9 18:56:21 krb5 saslauthd[3127]: do_auth: auth failure: [user=ralf] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]

and /var/log/krb5/krb5kdc.log
Jan 09 18:58:50 krb5 krb5kdc[2916](info): DISPATCH: repeated (retransmitted?) request from ...

After I switched back to clocksource=xen I found that the same error
occurs in the traditional setup but much less frequent (1 out of 10
instead of 8 out of 10).

Does anybody has an idea what happens here?

The system is an opensuse 11.0 domU on a 11.0 dom0.

Regards Ralf

Van Roy's Law: -------------------------------------------------------
An unbreakable toy is useful for breaking other toys.

To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups