Subject: Re: kdc rc.d startup [was: rc.d: time synchronization issues ...]
To: Jason Thorpe <firstname.lastname@example.org>
From: Nathan J. Williams <email@example.com>
Date: 03/16/2005 12:07:37
Jason Thorpe <firstname.lastname@example.org> writes:
> kdc provides authentication, potentially for many other services
> (which may or may not know they actually need Kerberos [c.f. PAM], so
> can't really have an explicit dependency). It is my opinion that
> "kdc" should start as early as possible, and have a "BEFORE: ...",
> probably SERVERS at this stage.
That doesn't sound right. The KDC is principally providing a
network-wide service. The other services in the world trying to use it
have to cope with it not being there while the KDC's host is booting;
other servers that run on the KDC machine (you run other services on
the KDC machine?!?!?!?!) can cope just as well with that as with the
temporary disappearance of a foriegn KDC.
> I have been thinking about directory services in NetBSD a bit lately,
> and I think it might make sense to have a DIRECTORY pseudo-service
> that directory service providers (such as Kerberos, DNS, and other
> things associated with them) can BEFORE and that other things can
Kerberos is not a directory service.