Mailinglist Archive: opensuse (3513 mails)
| < Previous | Next > |
[opensuse] Strange kerberos/sasl/xen interaction
- From: Ralf Müller <ralf@xxxxxxxx>
- Date: Fri, 9 Jan 2009 19:15:39 +0100
- Message-id: <2EDDCD4D-1BF3-4FB2-93D1-C16BDF1FAC23@xxxxxxxx>
The day before I tried to fix a "Time went backwards" problem
on our xen domU's. I tried to set /sys/.../clocksource0/ current_clocksource
to "jiffies" instead of "xen" and hoped for the problem to vanish.
What I got was strange: after this modification our kerberos server
randomly decided to reject repeated authentication requests:
# testsaslauthd -u ralf -p <pwd> -R 10
0: OK "Success."
1: NO "authentication failed"
2: NO "authentication failed"
3: NO "authentication failed"
4: NO "authentication failed"
5: OK "Success."
6: NO "authentication failed"
7: NO "authentication failed"
8: NO "authentication failed"
9: NO "authentication failed"
the corresponding log in /var/log/messages:
Jan 9 18:56:21 krb5 saslauthd[3127]: auth_krb5: k5support_verify_tgt
Jan 9 18:56:21 krb5 saslauthd[3127]: do_auth: auth failure: [user=ralf] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
and /var/log/krb5/krb5kdc.log
Jan 09 18:58:50 krb5 krb5kdc[2916](info): DISPATCH: repeated (retransmitted?) request from ...
After I switched back to clocksource=xen I found that the same error
occurs in the traditional setup but much less frequent (1 out of 10
instead of 8 out of 10).
Does anybody has an idea what happens here?
The system is an opensuse 11.0 domU on a 11.0 dom0.
Regards Ralf
--
Van Roy's Law: -------------------------------------------------------
An unbreakable toy is useful for breaking other toys.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
on our xen domU's. I tried to set /sys/.../clocksource0/ current_clocksource
to "jiffies" instead of "xen" and hoped for the problem to vanish.
What I got was strange: after this modification our kerberos server
randomly decided to reject repeated authentication requests:
# testsaslauthd -u ralf -p <pwd> -R 10
0: OK "Success."
1: NO "authentication failed"
2: NO "authentication failed"
3: NO "authentication failed"
4: NO "authentication failed"
5: OK "Success."
6: NO "authentication failed"
7: NO "authentication failed"
8: NO "authentication failed"
9: NO "authentication failed"
the corresponding log in /var/log/messages:
Jan 9 18:56:21 krb5 saslauthd[3127]: auth_krb5: k5support_verify_tgt
Jan 9 18:56:21 krb5 saslauthd[3127]: do_auth: auth failure: [user=ralf] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error]
and /var/log/krb5/krb5kdc.log
Jan 09 18:58:50 krb5 krb5kdc[2916](info): DISPATCH: repeated (retransmitted?) request from ...
After I switched back to clocksource=xen I found that the same error
occurs in the traditional setup but much less frequent (1 out of 10
instead of 8 out of 10).
Does anybody has an idea what happens here?
The system is an opensuse 11.0 domU on a 11.0 dom0.
Regards Ralf
--
Van Roy's Law: -------------------------------------------------------
An unbreakable toy is useful for breaking other toys.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |