Subject: Re: kerb problems (Re: can't migrate master key to Heimdal)
To: one more medicated peaceful moment <dive@endersgame.net>
From: Frank van der Linden <frank@wins.uva.nl>
List: tech-crypto
Date: 07/02/2000 12:21:22
On Sat, Jul 01, 2000 at 09:56:57PM -0400, one more medicated peaceful moment wrote:
> I have been having problems with kerberos since going to 1.5 as well, on
> my system i cant figure out how to make it *not* try and authenticate with
> kerberos... so login/su/etc all try to find a krb realm and block for a
> few seconds while they wait for the gethostbyname to timeout. I sent a pr
> about this and recieved no response, does anyone know how to fix it?
There are actually 2 parts to this problem. The first part is that
the code currently isn't capable of detecting whether krb is configured
or not. The second part was, that timeouts in name lookups where
long. If you do not have a nameserver configured, the DNS code will
fall back to localhost. However, because of ICMP rate checks,
retries will take long (the ICMP error packets enabling the code
to see that named isn't running are limited in rate).
Bill Sommerfeld fixed this problem in -current, and the long timeouts
are now history for me. I assume that this change will be pulled up
into the 1.5 branch.
The other problem still needs to be solved, though.
- Frank