Subject: Re: kerb problems (Re: can't migrate master key to Heimdal)
To: Frank van der Linden <email@example.com>
From: one more medicated peaceful moment <firstname.lastname@example.org>
Date: 07/02/2000 06:24:19
true, the delays aren't that long, they're just mostly an annoyance. and
i've never had kerb configured on here, never even had it on the box at
all until i up'd to 1.5, and thats when it started. i'm willing to bet
that its going to end up being a one line fix in some file somewhere easy
apparently Shaded from #netbsd is having the same problem, too.
On Sun, 2 Jul 2000, Frank van der Linden wrote:
> Date: Sun, 2 Jul 2000 12:21:22 +0200
> From: Frank van der Linden <email@example.com>
> To: one more medicated peaceful moment <firstname.lastname@example.org>
> Cc: email@example.com, firstname.lastname@example.org
> Subject: Re: kerb problems (Re: can't migrate master key to Heimdal)
> On Sat, Jul 01, 2000 at 09:56:57PM -0400, one more medicated peaceful moment wrote:
> > I have been having problems with kerberos since going to 1.5 as well, on
> > my system i cant figure out how to make it *not* try and authenticate with
> > kerberos... so login/su/etc all try to find a krb realm and block for a
> > few seconds while they wait for the gethostbyname to timeout. I sent a pr
> > about this and recieved no response, does anyone know how to fix it?
> There are actually 2 parts to this problem. The first part is that
> the code currently isn't capable of detecting whether krb is configured
> or not. The second part was, that timeouts in name lookups where
> long. If you do not have a nameserver configured, the DNS code will
> fall back to localhost. However, because of ICMP rate checks,
> retries will take long (the ICMP error packets enabling the code
> to see that named isn't running are limited in rate).
> Bill Sommerfeld fixed this problem in -current, and the long timeouts
> are now history for me. I assume that this change will be pulled up
> into the 1.5 branch.
> The other problem still needs to be solved, though.
> - Frank
| sean davis |
| chief technical officer |
| black hat networks(r) |
"Better to be paranoid than to be owned."