I'm installing lots of 1.6 on lots of servers, and I'm finding that lots
of things are changing.  None of them insurmountable, just a bit of a
pain.

I have the instructions for finishing the Kerberos install from an old
KRB5 webpage I slurped off of the MIT website.  In fact, if I could get
this level of "idiots guide to LDAP", I'd be a happy admin.

Dave


> Sounds indeed like a Kerberos timeout - around NetBSD-1.5 I remember
> su(1) had Kerberos auth by default but it's changed since then.
>
> Have you installed with Kerberos authentication, but not fully completed
> the implementation yet? If this is the case, then the delay for the
> timeout is to be expected, otherwise I'm wondering if the
> Kerberos-by-default is creeping back in.
>
> Note: Kerberos-by-default is a good thing, IMHO, but then the rest of
> the install must also walk one through the configuration :)
>
> --et
>
> On Mon, 9 Dec 2002 18:34:29 -0600 (CST)
> "David Burgess" <burgess@neonramp.com> wrote:
>
>> Good suggestion.  I can reliably get su'ed in with the -K option, but
>> the performance with the Kerberos auth is bad.  I really do need to
>> finish that up.
>>
>> Dave
>>
>> >
>> > Have you tried the -K option for su to prevent a Kerberos
>> authenticate request just to see if it is indeed Kerberos related?
>> >
>> > --et
>> >
>> >
>> >
>> > On Mon, 9 Dec 2002 17:37:17 -0600 (CST)
>> > "David Burgess" <burgess@neonramp.com> wrote:
>> >
>> >> Thanks - I'll get the rest of the systems set up for Kerberos and
>> see if that helps.
>> >>
>> >> Dave
>> >>
>> >> > -----BEGIN PGP SIGNED MESSAGE-----
>> >> > Hash: SHA1
>> >> >
>> >> > "David Burgess" <burgess@neonramp.com> writes:
>> >> >
>> >> >> On a couple of the machines, for no reason that I can fathom,
>> the
>> >> 'su' command takes up to 90 seconds to respond with a 'password:'
>> response.
>> >> >>  Specifically, it happens most often on the primary mail server
>> in
>> >> the
>> >> >> mail cluster, but on other machines as well.  The problem comes
>> and
>> >> goes, but is definitely worse since I started the 1.6 upgrade.
>> >> >
>> >> > I suspect it's doing some sort of magic behind-the-scenes
>> kerberos 5
>> >> server discovery.
>> >> >
>> >> > - --Michael
>> >> > -----BEGIN PGP SIGNATURE-----
>> >> > Version: GnuPG v1.2.1 (NetBSD)
>> >> > Comment: See http://www.flame.org/~explorer/pgp for my keys
>> >> >
>> >> > iD8DBQE99Sh/l6Nz7kJWYWYRAv+4AJ9Mc0ocRz8pph6JF6QSuR5lHRmfrwCfeSkK
>> >> V4lhCKCl/GjbPd92OxC4vhI=
>> >> > =AFJi
>> >> > -----END PGP SIGNATURE-----
>> >>
>> >>
>> >> --
>> >> Dave Burgess
>> >> CTO, Nebraska On-Ramp
>> >> Chief Engineer, Mitec Internet Services
>> >> Bellevue, NE 68123
>> >>
>> >>
>> >>
>>
>>
>> --
>> Dave Burgess
>> CTO, Nebraska On-Ramp
>> Chief Engineer, Mitec Internet Services
>> Bellevue, NE 68123
>>
>>
>>


-- 
Dave Burgess
CTO, Nebraska On-Ramp
Chief Engineer, Mitec Internet Services
Bellevue, NE 68123