root login
eichin-krb@thok.org
eichin-krb at thok.org
Wed May 8 11:38:51 EDT 2002
> The master or the slave? You do have a slave KDC, of course... ;-)
That helps if the *machine* dies, but not if the kdc process does --
if it's a KDC bug that caused the crash, and it's one triggered by a
normal client, send_to_kdc (well, the b5 equivalent) will merrily
resend the same deathgram to all of your kdcs. "oops" Having init
restart them can help, if you're keeping a stash file around anyway.
Having an openssh-based back door (as long as you're keeping that
up-to-date too) has some value as well, if you *really* want to avoid
going to the machine in person...
More information about the Kerberos
mailing list