Subject: Re: kdc rc.d startup [was: rc.d: time synchronization issues ...]
To: Luke Mewburn <lukem@NetBSD.org>
From: Ken Hornstein <firstname.lastname@example.org>
Date: 03/16/2005 10:42:31
> | 3. forget about problems with time in kdc or named. (I'm not really
> | serious here)
>A question for the kerberos gurus ...
>Does "kdc" need to start so early in the boot process?
FWIW, our KDC here (on a Solaris box) starts as the very last process (or
one of the very last).
>What other services start at boot that might depend upon kdc ?
>nfsd ? sshd ? racoon ?
>Various other login servers (started after LOGIN) ?
Generally, daemon services don't have to talk to the KDC, so they don't
have an explicit dependency (racoon might be the exception).
>Is there any reason that we can't move kdc a bit later,
>to sometime between "SERVERS" and "DAEMON", and explicitly
>depending upon ntpdate?
I can't think of a reason why not. I suspect that if the time was changed
out from under the KDC, it would simply adapt.