Inittab launching K5start too soon
Jaap Winius
jwinius at umrk.nl
Wed May 11 20:05:33 EDT 2011
Hi folks,
The Debian squeeze workstations at my site rely on a combination of
Kerberos, OpenLDAP and OpenAFS client software to connect to the
network. It works well enough for me, but the more workstations that
are added the more often there are complaints of login problems
immediately after bootup.
This is caused by k5start being launched from /etc/inittab, so it
begins its attempts to obtain a TGT before the network is available
and does not initially succeed. This leads to problems for many other
processes that are started after the network interface, resulting in a
temporary slew of libnss-ldap related GSSAPI errors (Credentials cache
file '/tmp/krb5cc_0' not found).
I tell the users that they should try waiting a minute before they
attempt to log in, or to reboot if that doesn't work. They always get
in eventually, but I wish I had something more effective to offer.
Any suggestions that might improve this situation would be welcome.
Thanks,
Jaap
More information about the Kerberos
mailing list