running krb5kdc from xinetd

Leland Wallace randall at apple.com
Wed Feb 25 15:35:34 EST 2004


On Feb 25, 2004, at 11:50 AM, Sam Hartman wrote:

>>>>>> "Leland" == Leland Wallace <randall at apple.com> writes:
<snip>
> The KDC does not support running out of inetd.  Reasons adding this
> support would be a b bad idea include:
> * Setting up the PRNG for key generation
>
> *  The lookaside cache for retransmitting replays
>
> * Binding to both TCP and UDP
>

sounds reasonable,
is there a way to have the kdc launched on demand (not for every  
request, but for 5 min at a time or so, or the replay cache ttl)
possibly separating the PRNG setup to something external? [storing the  
state in a randseed file] (this one probably belongs on the krbdev  
list).
what other fixed initialization is required?

Leland

+----------------------------------------------------------------------- 
------------
Leland Wallace          Working in Core Servers
randall at apple.com   but not speaking for  Apple Computer Inc.
http://homepage.mac.com/randall
+----------------------------------------------------------------------- 
------------




More information about the Kerberos mailing list