1.13 Replication enhancements - rbasch/krb5 GitHub Wiki

These are similar to the replication enhancements developed for Kerberos 1.12; only a portion of the enhancements were incorporated by MIT into 1.13 alpha1 & beta1.

Replication enhancements:

Do not require the database "first serial number" to be present in the ulog. See http://k5wiki.kerberos.org/wiki/Projects/Hierarchical_iprop#Related_problems (item #2)

Commit: https://github.com/rbasch/krb5/commit/ce238c4a19e117caedc7ce53f4780270b86d521c (obsolete) https://github.com/rbasch/krb5/commit/d9ec51d87f9fc4e1592423bf7562895fad2752c2 (revised)

Notify downstream slaves of pending ulog updates.

  • When kpropd contacts an upstream kadmind for an iprop retrieval, kadmind will remember the slave to notify it of future ulog updates.
  • After kpropd applies iprop updates, it will contact the local kadmind (iprop service) using the NULLPROC procedure to initiate a notification to downstream slaves. On the master, after a write operation, downstream slaves will be notified.
  • kadmind will notify downstream slaves by calling kprop (new option -N) to notify each downstream slave of pending updates. Notification will use the error protocol (sending a generic error instead of a dump).
  • kpropd, upon receiving an error notification via the full resync thread, will notify the iprop thread by sending a USR1 signal, which will cancel the timer until the next iprop retrieval.

Possible improvements:

  • If kadmind had the combined functionality of kadmind, kpropd, and kprop, the inter-process communication would be simplified.
  • The notify function currently uses KRB5KRB_ERR_GENERIC to the remote kpropd instead of a new error code dedicated for ulog update notifications. Older kpropd versions would not otherwise be able to display a meaningful error. However, other "generic errors" may result in excessive iprop polling from the slave (however, I have never seen a "generic error" in regular operations).

Commit: https://github.com/rbasch/krb5/commit/db0c450f6c09f4623bff3c3aff16794ba4e2c763 (obsolete) https://github.com/rbasch/krb5/commit/f4ed3369f2c7a0ec6d834f46677d8ffc4e2223f4 (revised)