Inittab launching K5start too soon

Jaap Winius jwinius at umrk.nl
Wed May 11 20:05:33 EDT 2011


Hi folks,

The Debian squeeze workstations at my site rely on a combination of  
Kerberos, OpenLDAP and OpenAFS client software to connect to the  
network. It works well enough for me, but the more workstations that  
are added the more often there are complaints of login problems  
immediately after bootup.

This is caused by k5start being launched from /etc/inittab, so it  
begins its attempts to obtain a TGT before the network is available  
and does not initially succeed. This leads to problems for many other  
processes that are started after the network interface, resulting in a  
temporary slew of libnss-ldap related GSSAPI errors (Credentials cache  
file '/tmp/krb5cc_0' not found).

I tell the users that they should try waiting a minute before they  
attempt to log in, or to reboot if that doesn't work. They always get  
in eventually, but I wish I had something more effective to offer.

Any suggestions that might improve this situation would be welcome.

Thanks,

Jaap



More information about the Kerberos mailing list