The following sequence of events results in slave B having a stale HDB:
- slave A connects to master, master dumps HDB for the slave
- kadm5 operations
- slave B connects to master, master sends previously dumped HDB
slave B won't discover any updates until the next transaction.
The fix is simple: the slave should immediately call ihave() after
receiving a complete HDB.
Bugs exposed by 61720a0:
- test_context --client-name=... --mech-type=ntlm ... fails;
- gss_acquire_cred() with desired_mech=NTLM and
desired_name==GSS_C_NO_NAME fails;
- gss_init_sec_context() with non-default cred handle calls the
mechanism even when the given cred handle has no element for the
requencet mechanism.
tests/gss/check-ntlm works by accident: gss_acquire_cred() with
desired_mechs==GSS_C_NO_OID_SET succeeds mostly because there are
Kerberos credentials available, and then the subsequent
gss_init_sec_context() call works because of the third bug described
above.
This utility, inspired by the old SunOS 4.x intr(8) utility, will be
used to start daemons with --detach and a timeout, like this:
intr -t 5 kdc --detach || { echo failed to start kdc; exit 1 }
This will allow tests to stop having to sleep poll for "started" output
from the daemons they start, allowing them to run faster and to impose a
reasonable timeout on daemon startup.
The default timeout is 3 seconds.
It's not ready to always be run. First, it's slow. Second, it tortures
the system. Third, it doesn't look for signs of failure. Fourth, if it
did it'd fail: because something about the racing is causing the KDC to
think that the foo principal doesn't exist.
On NetBSD /bin/sh with vfork() is noticeably faster than /bin/bash,
and in particular the reader manages to read the the database before
slave replication completes.
...rather than the authenticated principal's realm section. We do
this both to maintain compatibility with MIT and because it makes
more sense. We should likely also fix the auth_to_local_names as
cursory inspection reveals that it has the same incompatibility.
