[00:24:48] --- jaltman has left: Disconnected
[00:24:56] --- jaltman has become available
[01:00:22] --- haba has become available
[03:23:35] --- haba has left
[03:27:19] --- haba has become available
[04:07:10] --- Simon Wilkinson has become available
[04:34:04] --- Simon Wilkinson has left
[04:34:05] --- Simon Wilkinson has become available
[04:47:12] --- haba has left
[04:50:41] --- haba has become available
[05:22:07] --- meffie has become available
[05:23:59] --- haba has left
[06:42:23] --- haba has become available
[07:26:02] --- deason has become available
[07:27:08] <haba> About the  name conversion: Clould the name conversion from v5 to v4 could happen in the client with the heimdal libraries?
[07:27:29] <shadow@gmail.com/owl60DE4E08> uh. no?
[07:27:52] <shadow@gmail.com/owl60DE4E08> the (rxkad, not kdc) server does the name conversion. the client has no
idea what's inside the ticket
[07:29:04] <haba> I suppose the kinit which made the ticket has an idea what's inside?
[07:29:38] <Simon Wilkinson> I _think_ what we're converging on is that old servers will keep doing the same thing. But new servers (which know about the new ptserver RPCs) will treat rxkad with v5 tickets specially, and convert the v5 name into a GSSAPI name before calling the new RPC.
[07:29:48] <Simon Wilkinson> Well kinit knows what it asked for. It doesn't know what it got
[07:29:55] <Simon Wilkinson> (the client can't decrypt the ticket contents)
[07:32:15] <haba> Can the kinit ask for a v4 ticket for rcmd.foo from v5 keytab for host/foo.pdc.kth.se through 5to4 or something?
[07:32:48] <shadow@gmail.com/owl60DE4E08> kinit doesn't make tickets
[07:32:54] <haba> (I am trying to figure out how much legacy I can remove and from where)
[07:33:00] <shadow@gmail.com/owl60DE4E08> kinti doesn't ask the kdc for tickets either
[07:33:16] <Simon Wilkinson> You could use a proxy, like a 5to4 service, or like gssklogd
[07:34:10] <shadow@gmail.com/owl60DE4E08> well, it does for an initial ticket, not a service ticket. but the
ticket you ask for is the one you provide a principal name for.
[07:34:23] <shadow@gmail.com/owl60DE4E08> harald, get krb525 if you want to rewrite the insides of a ticket
[07:34:27] <shadow@gmail.com/owl60DE4E08> (not a typo)
[07:34:49] <shadow@gmail.com/owl60DE4E08> stop looking for weasel ways to deal. you can't have one. krb525,
(gssklogd or krb524d) or suck it up
[07:35:01] <haba> We have this v4_name_convert = { .... } block in most /etc/krb5.conf and I wonder if it is still used somewhere at all.
[07:35:34] <shadow@gmail.com/owl60DE4E08> do you have krb524 configured on the kdc? that uses it
[07:37:16] <haba> a) I want my clients to stop use 524 and I want my KDC stop serving it. I want to get there without breaking too much stuff ;-)
[07:38:37] <shadow@gmail.com/owl60DE4E08> krb525 or gssklogd then
[07:38:38] <haba> But I will not remove any blocks from global krb5.confs 15 minutes before vacation neither.
[07:53:50] --- haba has left
[08:05:30] --- matt has become available
[08:21:15] --- jaltman has left: Replaced by new connection
[08:21:16] --- jaltman has become available
[08:39:26] --- jaltman has left: Disconnected
[08:39:37] --- jaltman has become available
[09:54:26] --- jaltman has left: Disconnected
[09:56:09] --- rra has become available
[10:01:38] --- jaltman has become available
[10:09:33] --- Simon Wilkinson has left
[10:50:16] --- Simon Wilkinson has become available
[12:10:37] --- deason has left
[12:10:37] --- deason has become available
[12:53:30] --- Simon Wilkinson has left
[13:51:52] --- jaltman has left: Disconnected
[14:05:14] --- jaltman has become available
[15:19:47] <kaduk@mit.edu/barnowl> Okay, so in this dump from my 4M-mem-cache machine, my 'cp' that's
hanging is in afs_osi_Sleep(&afs_WaitForCacheDrain).
CacheTruncateDaemon is in:
448                 afs_osi_Wait(100, 0, 0);    /* 100 milliseconds */
[15:21:40] <matt> Why 4M?
[15:22:21] <kaduk@mit.edu/barnowl> Historical artifact.
At some point it had been suggested that I do some testing with a
smaller cache, and I never bumped it back up.
[15:22:42] <matt> um.
[15:23:00] <kaduk@mit.edu/barnowl> If the answer is "don't do that", I can probably ignore it.
[15:24:03] <matt> I think I'd focus on stressing a more typical cache.
[15:40:34] --- deason has left
[15:46:41] <kaduk@mit.edu/barnowl> So, uh, does anybody here know about how arla registers its syscall
for FreeBSD kernels?
[15:57:24] <matt> That's a good question, I don't know offhand tho.  Worth a look.
[15:58:56] <kaduk@mit.edu/barnowl> Hm, looks like I am just getting confused by this "nnpfs" name.
[16:00:23] <kaduk@mit.edu/barnowl> Anyway, they seem to unconditionally frob the
sysent[AFS_SYSCALL].sy_call, so my need is somewhat moot.
[16:02:00] <kaduk@mit.edu/barnowl> (We are using AFS_SYSCALL = 339, which is nominally "pioctl", and
nominally assigned for arla; the method that kib@ suggested for
changing syscalls.master seems to require a function signature for the
table, and I don't know exactly how this will affect arla (whose
syscall is nnpfs_syscall, not pioctl, anyway).)
[16:02:54] <kaduk@mit.edu/barnowl> (dinnertime)
[16:14:38] --- matt has left
[16:42:48] --- jaltman has left: Replaced by new connection
[16:42:49] --- jaltman has become available
[17:50:34] --- matt has become available
[18:34:12] --- rra has left: Disconnected
[19:07:19] --- Russ has become available
[20:18:05] <kaduk@mit.edu/barnowl> Hm, I triggered the warning on line 191 of afs_vnop_write.c
(WARNING: afs_ufswr vp=%lx, exOrW=%d\n", (unsigned long)avc,
               avc->execsOrWriters)
(note that this is actually in afs_MemWrite, despite the text of the
warning)
[20:25:08] --- jaltman has left: Disconnected
[20:25:19] --- jaltman has become available
[23:27:37] --- Russ has left: Disconnected