We're running a krb5-1.3.4 KDC on a Solaris 8 Ultra-10 box with 384Mb of real memory. Our database has about 280K principals (it's about 250Mb in size). Lately, we've been seeing problems with kadmin responses, in particular timing out on long requests (e.g., listprincs *) and sometimes even upon initial kadmin connection.

Are there any known issues with 1.3.4 kadmind and memory? I notice that when I have a kadmin/kadmind session in progress, kadmind will show (according to 'top') resident memory usage at over 100M, which I guess might put a strain on a 384Mb RAM machine. But I also wonder if the (ever growing) size of our database might be exacerbating this problem.

Suspecting a possible memory leak, I've restarted kadmind, but the problem returns right away, though it is always intermittent and may be a function of the load (authentication transactions).

Any ideas? Would increasing real memory on the machine solve this problem?

I should mention that for years I've been carrying a mod that increases the RPC timeout value from 25 seconds to 180 seconds. This has always been necessary to allow a listprincs, given the size of our db.

When I issued a listprincs on the KDC itself (as root), using kadmin.local, I didn't get a timeout (of course), but it took a long time (over 3 minutes, presumably) and while it was running, the KDC logs showed an absence of normal authentication activity, which was then taken up by the slave KDC. So, this is not just an RPC timeout issue, but one (I think) having to do with kadmind performance.

Since this problem appears to have started only recently, I suspect that the size of the database is what's triggered it. But I'm also wondering if something else is afoot.

Any ideas or suggestions appreciated.

Thanks.

Mike

_____________________________________________________________________
Mike Friedman                    System and Network Security
[EMAIL PROTECTED]                2484 Shattuck Avenue
1-510-642-1410                   University of California at Berkeley
http://ack.Berkeley.EDU/~mikef   http://security.berkeley.edu
_____________________________________________________________________

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos