On Mar 16, 2005, at 9:07 AM, Nathan J. Williams wrote:

> That doesn't sound right. The KDC is principally providing a
> network-wide service. The other services in the world trying to use it
> have to cope with it not being there while the KDC's host is booting;
> other servers that run on the KDC machine (you run other services on
> the KDC machine?!?!?!?!) can cope just as well with that as with the
> temporary disappearance of a foriegn KDC.

...unless the KDC is running a caching name server.  Consider e.g. an 
Open Directory server, that provides DNS, LDAP, and Kerberos services.

>> I have been thinking about directory services in NetBSD a bit lately,
>> and I think it might make sense to have a DIRECTORY pseudo-service
>> that directory service providers (such as Kerberos, DNS, and other
>> things associated with them) can BEFORE and that other things can
>> DEPEND.
>
> Kerberos is not a directory service.

Not by itself, but it is a fundamental component of some directory 
services.

-- thorpej