Subject: Re: kdc rc.d startup
To: Luke Mewburn <lukem@NetBSD.org>
From: Love <lha@NetBSD.org>
List: tech-userlevel
Date: 03/16/2005 17:15:26
--=-=-=
Luke Mewburn <lukem@NetBSD.org> writes:
> On Wed, Mar 16, 2005 at 10:24:20AM +0000, Alistair Crooks wrote:
> | 3. forget about problems with time in kdc or named. (I'm not really
> | serious here)
>
> A question for the kerberos gurus ...
>
> Does "kdc" need to start so early in the boot process?
Its better to start later when its correct time the start early. Since we
don't use krb5-u2u gssapi in racoon, doesn't need to talk to the kdc to
accept connection, but it will need a KDC to initiate them (assuming
traffic in protected by ipsec/gssapi)
current nfs doesn't depend on kerberos, bug nfs4 might depending on setup,
but again, only as a client and not as server.
Love
--=-=-=
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (NetBSD)
iQIVAwUAQjhboBZyDLTSep3UAQJnFg/+NsXUssZTDodp3gsMysHow7X1d16ZTnVH
C6wLn8ghKVkea4VgjDhePDkI2IvS6vXhzL+tTyJbh7NKvYvcZnlozq4wKc1RFi5P
cI7wii9YEjfx+li3DV519zhgnWfuj527uGRTHxvhaVX+VwVHGQGTbaAAPwQytE4x
LeCL2nOf6HUZAy190WVDrxJJEwVxPusRL9HYlr1GSx+8PS3IrpxuI22Bar8jEkrO
i44VJoo7oClE+8ZPwHqgkZhmK7B5//9xI/61jZZrpNILa04xMKLHyaIuo1dhvV4M
IyVuJTlKJQXxwSGLsVzQ/tN5vWEqVmmAq5MlTYPIOn8jS1zmcxIxTz+RGf/FZ4nS
VCBB7vUGJHP1Tvr1otlauWGfDEwZ2QyoXoERdEdwZG436lszruQK534NPNOoTKgm
iGpg9nQnfe/Rmrvz7z2BOvq6yuFCyjsU+kLIopHANb9mViL1EM+wCNx1AuBwDsJd
00aZGhc5b/hieaZLZr/rlBYbW5CgPo/UqMPNcwRU0w8IRM4zJaEk6XRLCSi8pVkx
ydz9BIAv+2Y/JwU3ENZZWHnfYPryiiJX+yIwZnirorAbG3NwvwhvXFB+IU6AFAVD
QB4ofnMXcwUWIOLMAEgAylAmOymXGUPMxXfhXp5iRu8Qtv6PeaiRnuhNWtTMELdY
qkwv5s7cve8=
=CQ/3
-----END PGP SIGNATURE-----
--=-=-=--