Subject: Re: kdc rc.d startup [was: rc.d: time synchronization issues ...]
To: Jason Thorpe <>
From: Nathan J. Williams <>
List: tech-userlevel
Date: 03/16/2005 12:07:37
Jason Thorpe <> writes:

> kdc provides authentication, potentially for many other services
> (which may or may not know they actually need Kerberos [c.f. PAM], so
> can't really have an explicit dependency).  It is my opinion that
> "kdc" should start as early as possible, and have a "BEFORE: ...",
> probably SERVERS at this stage.

That doesn't sound right. The KDC is principally providing a
network-wide service. The other services in the world trying to use it
have to cope with it not being there while the KDC's host is booting;
other servers that run on the KDC machine (you run other services on
the KDC machine?!?!?!?!) can cope just as well with that as with the
temporary disappearance of a foriegn KDC.

> I have been thinking about directory services in NetBSD a bit lately,
> and I think it might make sense to have a DIRECTORY pseudo-service
> that directory service providers (such as Kerberos, DNS, and other
> things associated with them) can BEFORE and that other things can

Kerberos is not a directory service.

        - Nathan