SUMMARY: NIS+ won't let users in !!!

From: Luis M Ibarra (
Date: Fri Apr 21 1995 - 22:53:49 CDT

        The original problem:

        Once in a while, users under control of NIS+ were unable to
log in to the system; they got messages of incorrect logins, and I
couldn't see the users' passwords with NIS+ utilities.

        Diagnosis (from patch 101620-01's README file):

        Problem 1156333: keyserv has a file descriptor leak.

        keyserv runs out of file descriptors.

        The client-side to keyserv (in libnsl) caches one client
handle/per process thread. It tries to use COTS_ORD as the loopback
transport to talk to keyserv - which means that keyserv will have an
open fd for every client handle that is cached (and using
COTS/COTS_ORD transport). Now, every nis+ lookup requires at least one
rpc call to keyserv (two if the session key is not already
established); this means all the getXXbyYY calls made by csh,
sendmail, nis_cachemgr, .... (almost all the processes running on the
server). So, we need to increase the fd limit (currently 64) to the
maximum allowed (1024).

        This patch "solves" the problem, BUT *grin*...

        the file descriptor leak IS NOT fixed; Sun's solution was getting
the file descriptor limit to 1024, so we can expect this
problem to reappear in the future. Gene Loriot (
mentions that the patch 101318-70 also solves the problem; I didn't
try this patch because 101620-01 seems to work fine, and I'm out of time :).

        We are waiting for Sun to make public a patch for their patch :)...

        I want to thank the following people for their help...


   Neil Rickert <> pointed me to the 101620-01 patch.
   Gene Loriot <> pointed me to the 101318-70 patch.
   Normand Ranger <rangern@CIRANO.UMontreal.CA> pointed me to the 101620-01 patch.
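The failure mode the README describes, as an added example that is not code from the patch, from Sun, or from the original post: every leaked descriptor permanently occupies a slot under RLIMIT_NOFILE, so raising the soft limit (64 to 1024 in the patch) buys time without stopping the leak. The function names, the use of /dev/null as a stand-in for a cached client connection, and the 4096 scan bound are assumptions for illustration.

```c
/* Added example: constructed demo of descriptor exhaustion, not keyserv code. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

/* Count descriptors currently open in this process, scanning [0, scan_max). */
int count_open_fds(int scan_max)
{
    int n = 0;
    for (int fd = 0; fd < scan_max; fd++)
        if (fcntl(fd, F_GETFD) != -1)   /* fails with EBADF on a free slot */
            n++;
    return n;
}

/* Raise the soft RLIMIT_NOFILE toward the hard limit, never above cap and
 * never lowering it. Returns the resulting soft limit, or -1 on error. */
long raise_fd_limit(long cap)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0)
        return -1;
    rlim_t want = rl.rlim_max;
    if (want == RLIM_INFINITY || want > (rlim_t)cap)
        want = (rlim_t)cap;
    if (want > rl.rlim_cur) {
        rl.rlim_cur = want;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
            return -1;
    }
    return (long)rl.rlim_cur;
}

/* Simulate the leak: open n descriptors and never close them.
 * Returns how many opens succeeded before the limit was reached. */
int leak_fds(int n)
{
    int ok = 0;
    while (ok < n && open("/dev/null", O_RDONLY) != -1)
        ok++;
    return ok;
}

int main(void)
{
    long soft = raise_fd_limit(1024);   /* the workaround: a larger ceiling */
    int before = count_open_fds(4096);
    int leaked = leak_fds(100);         /* the defect: slots never returned */
    printf("soft limit %ld, open before %d, leaked %d, open now %d\n",
           soft, before, leaked, count_open_fds(4096));
    return 0;
}
```

Tracking the open count against the soft limit over time is what shows whether a daemon is leaking or merely busy: a leak climbs steadily and never falls back.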

