Subject: kpasswdd from inetd?
To: None <current-users@netbsd.org>
From: Kevin P. Neal <xyzzy+kpn-bfP5SC@neutralgood.org>
List: current-users
Date: 09/08/2001 23:57:03
Ok, so I just got Kerberos 5 up and running on a test box, thanks
to the excellent documentation at http://www.netbsd.org/Documentation/network
that was recently pointed out on this list. I'm running 1.5.1 on an Alpha.
I've got krb5 (but not krb4) running and it seems to be fine. I can
login and I have krb5 (but not krb4) tickets.
Now for the problems:
I enabled the kerberos-adm and kpasswd services in inetd.conf.
If I change my password with kpasswd then my poor box pauses and swaps
in agony as inetd fires up a couple dozen kpasswdd's. Then kpasswd
either fails with the message "mutual authentication failed" or
it says the password change was successful. Either way I have a couple
dozen kpasswdd's running.
If I run kpasswdd from the command line and disable it in inetd.conf
then everything is peachy. Why is kpasswdd in inetd.conf? Does it
actually work for anyone? Would it be best to run kpasswdd standalone?
Cause I can throw together a quick rc.d script if needed.
Is there a good FAQ for Heimdal Kerberos? The configuration seems to
be identical to MIT Kerberos except when it isn't. The "isn't" part
is what nails me, especially when I try to get Kerberos 4 compat
working (different problem from the kpasswdd issues I think).
--
Kevin P. Neal http://www.pobox.com/~kpn/
"Nonbelievers found it difficult to defend their position in \
the presense of a working computer." -- a DEC Jensen paper