Subject: Re: kdc rc.d startup [was: rc.d: time synchronization issues ...]
To: Luke Mewburn <lukem@NetBSD.org>
From: Jason Thorpe <firstname.lastname@example.org>
Date: 03/16/2005 08:30:34
On Mar 16, 2005, at 2:45 AM, Luke Mewburn wrote:
> A question for the kerberos gurus ...
> Does "kdc" need to start so early in the boot process?
kdc provides authentication, potentially for many other services (which
may or may not know they actually need Kerberos [c.f. PAM], so can't
really have an explicit dependency). It is my opinion that "kdc"
should start as early as possible, and have a "BEFORE: ...", probably
SERVERS at this stage.
I have been thinking about directory services in NetBSD a bit lately,
and I think it might make sense to have a DIRECTORY pseudo-service that
directory service providers (such as Kerberos, DNS, and other things
associated with them) can BEFORE and that other things can DEPEND.
> What other services start at boot that might depend upon kdc ?
> nfsd ? sshd ? racoon ?
> Various other login servers (started after LOGIN) ?
> Is there any reason that we can't move kdc a bit later,
> to sometime between "SERVERS" and "DAEMON", and explicitly
> depending upon ntpdate?