On Mar 16, 2005, at 2:45 AM, Luke Mewburn wrote:

> A question for the kerberos gurus ...
>
> Does "kdc" need to start so early in the boot process?

kdc provides authentication, potentially for many other services (which 
may or may not know they actually need Kerberos [c.f. PAM], so can't 
really have an explicit dependency).  It is my opinion that "kdc" 
should start as early as possible, and have a "BEFORE: ...", probably 
SERVERS at this stage.

I have been thinking about directory services in NetBSD a bit lately, 
and I think it might make sense to have a DIRECTORY pseudo-service that 
directory service providers (such as Kerberos, DNS, and other things 
associated with them) can BEFORE and that other things can DEPEND.

>
> What other services start at boot that might depend upon kdc ?
> nfsd ? sshd ? racoon ?
> Various other login servers (started after LOGIN) ?
>
> Is there any reason that we can't move kdc a bit later,
> to sometime between "SERVERS" and "DAEMON", and explicitly
> depending upon ntpdate?
>
>
>
> Thanks,
> Luke.
>
-- thorpej