Subject: Re: kdc rc.d startup [was: rc.d: time synchronization issues ...]
To: Jason Thorpe <thorpej@shagadelic.org>
From: Nathan J. Williams <nathanw@wasabisystems.com>
List: tech-userlevel
Date: 03/16/2005 12:07:37

Jason Thorpe <thorpej@shagadelic.org> writes:

> kdc provides authentication, potentially for many other services
> (which may or may not know they actually need Kerberos [c.f. PAM], so
> can't really have an explicit dependency).  It is my opinion that
> "kdc" should start as early as possible, and have a "BEFORE: ...",
> probably SERVERS at this stage.

That doesn't sound right. The KDC is principally providing a
network-wide service. The other services in the world trying to use it
have to cope with it not being there while the KDC's host is booting;
other servers that run on the KDC machine (you run other services on
the KDC machine?!?!?!?!) can cope just as well with that as with the
temporary disappearance of a foreign KDC.

> I have been thinking about directory services in NetBSD a bit lately,
> and I think it might make sense to have a DIRECTORY pseudo-service
> that directory service providers (such as Kerberos, DNS, and other
> things associated with them) can BEFORE and that other things can
> DEPEND.

Kerberos is not a directory service.

        - Nathan