[14621] in Kerberos
Re: getting a ktgt on a host with > 32 IP adresses
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Wed Jul 4 17:17:10 2001
To: Marc Richter <mrichter@eu.uu.net>
Cc: kerberos@mit.edu
From: Ken Raeburn <raeburn@MIT.EDU>
Date: 04 Jul 2001 17:15:02 -0400
In-Reply-To: <20010704212016.A6097@dsoserve0.dtm.ops.eu.uu.net>
Message-ID: <tx1lmm4e6qx.fsf@mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
> Problem on a Solaris 2.6 machine:
>
> If I do an kinit on this machine with only the main interface (hme0)
> up, I get my ticket-granting-ticket.
>
> If I then active all VIF's (about 40) kinit fails with the error:
>
> invalid argument while getting initial credentials
Yes, unlike any other operating system I've tried, Solaris returns
EINVAL if the buffer space isn't large enough; however, it has a
different ioctl to query the number of entries actually needed in the
array.
Look at localaddr.c in the latest release or snapshot to see how we're
dealing with it. You can also look at t_gifconf.c in the same
directory for some commentary on the results of testing SIOCGIFCONF on
a number of platforms, and trying to figure out how to determine if
the buffer is big enough. There's an amazing lack of consistency out
there, and some of the results are just plain strange. Often the only
indication you have that the buffer you supplied was actually big
enough is that there's a large unused "gap" at the end after the ioctl
call that the system would've put additional entries into if it had
them -- but on some systems (notably, AIX), the gap can be very large
even if there are more entries to add; 143 is the largest I've seen.
You should be able to just drop in the new version of localaddr.c into
your source tree; it exports only one function, and its API shouldn't
have changed.
You may also want to look at the t_localaddr Makefile.in target, so
you can test that it works on your system before rebuilding and
reinstalling all the Kerberos code.
> (a) could you point me to an URL with a error description and the
> needed patch for krb5 v1.1.1
No, neither is available anywhere. (Well, maybe a URL pointing to an
old email message in an archive somewhere. You could try Google for
that.)
> (b) could you shortly describe how to fix it myself if there is no
> patch that you know of.
If you don't want to take the new version of the file, make the buffer
bigger than you think you'll need, maybe making use of SIOCGIFNUM
(which is Solaris-specific), or just picking some larger fixed number
(which could give the same problem later if you add more VIFs).
> NOTE: upgrading to a higher version is not preferred, only if there
> really is no other way.
Just out of curiosity, why not? Just putting off the work of updating
and re-validating, or have you actually run into problems with newer
versions?
