Using k5start with replacement init daemons

Russ Allbery rra at stanford.edu
Mon Jul 5 20:31:05 EDT 2010


Jaap Winius <jwinius at umrk.nl> writes:

> This is my /etc/init/kstart.conf that I used on Kubuntu lucid:

>    start on filesystem
>    stop on runlevel S

>    expect fork

This doesn't look right.  k5start doesn't fork unless you use the -b flag
to tell it to daemonize itself.

> The logs did report that k5start had been started, but that it was
> unable to resolve any KDC addresses.

Then what happened?

Not being able to do the initial k5start would have caused it to exit, at
which point it should have been respawned.  Did that happen?

> Indeed: Natxo Asenjo mentioned two such solutions earlier. It's an
> interesting approach, but really meant for laptop users who can usually
> log in. For desktops with local home directories, it might be useful as
> a temporary workaround, but not as a serious solution in a production
> environment. In addition, I suspect that my use of OpenAFS can only make
> this approach less likely to succeed. With an OpenAFS laptop, that's why
> it's so important to have a network connection in the first place:
> without one, there is no home directory to log into.

You really can't use a system with AFS home directories where the system
cannot get a network connection until after the user authenticates.
Unless I'm missing something, that's an entirely unsolvable chicken and
egg problem.  You need to resolve that one way or the other.

> In the meantime, I've re-installed my desktop using Debian squeeze
> instead: it may not be as polished, but at least I could get Kerberos,
> OpenLDAP and OpenAFS to work on it without any problems.

I'm certainly not going to dissuade you from using Debian instead of
Ubuntu; I consider Debian to be the superior distribution.  :)

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>


