Subject: Re: kdc rc.d startup [was: rc.d: time synchronization issues ...]
To: Luke Mewburn <>
From: Jason Thorpe <>
List: tech-userlevel
Date: 03/16/2005 08:30:34
On Mar 16, 2005, at 2:45 AM, Luke Mewburn wrote:

> A question for the kerberos gurus ...
> Does "kdc" need to start so early in the boot process?

kdc provides authentication, potentially for many other services (which 
may or may not know they actually need Kerberos [c.f. PAM], so can't 
really have an explicit dependency).  It is my opinion that "kdc" 
should start as early as possible, and have a "BEFORE: ...", probably 
SERVERS at this stage.

I have been thinking about directory services in NetBSD a bit lately, 
and I think it might make sense to have a DIRECTORY pseudo-service that 
directory service providers (such as Kerberos, DNS, and other things 
associated with them) can BEFORE and that other things can DEPEND.

> What other services start at boot that might depend upon kdc ?
> nfsd ? sshd ? racoon ?
> Various other login servers (started after LOGIN) ?
> Is there any reason that we can't move kdc a bit later,
> to sometime between "SERVERS" and "DAEMON", and explicitly
> depending upon ntpdate?
> Thanks,
> Luke.
-- thorpej