ping for kdc utility?

Thomas Kula kula at tproa.net
Wed Apr 2 19:15:28 EDT 2014


On Wed, Apr 02, 2014 at 09:19:00PM +0200, Wang Shouhua wrote:
> Is there such a utility which can issue a "ping" (null command) to
> the kdc to see if it is still responding?
> 


The last time I was responsible for such a thing, I wrote a script that
did the following:

- Using a keytab, change the password of a test principal to a known
  random string.
- Wait some minimally acceptable replication delay interval.
- Using a specially crafted krb5.conf file for each kdc (disable dns
  lookups, the only kdc listed in each conf file was the kdc I was
  testing), try to get a ticket for the test principal using that known
  random string.

This verified that enough of the master KDC was working to change
passwords, that the changed password was making it to each KDC, and that
each KDC could deliver at least a TGT. 

I believe I used one of the Perl kerberos libraries --- Perl isn't my
first choice of scripting languages, but it had all the things I needed
and wasn't C. For all I know, this may still be running at my last job.
It used to be in a publicly accessible CVSweb repo, but apparently
that's no longer working....

I did run into a problem at some point, either rolling over the KVNO on
the test principal, or it getting large enough that something making a
stupid assumption broke; I don't remember which. Deleting and
re-creating the principal fixed that.


-- 
Thomas L. Kula | kula at tproa.net | http://kula.tproa.net/
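
The three steps described in the message above, sketched as a shell probe. This is an added example, not part of the original post and not the author's Perl script. It assumes MIT krb5 client tools (kadmin, kinit), an admin keytab allowed to change the test principal's password, and a password policy that accepts a hex string; the function names and every realm, principal and host passed in are hypothetical.

```shell
#!/bin/sh
# Added example: per-KDC health probe. Assumes MIT krb5 kadmin and kinit.

# Write a krb5.conf that can reach exactly one KDC: DNS lookups off and a
# single kdc line, so a ticket request cannot fall back to a healthy KDC.
write_kdc_conf() {  # usage: write_kdc_conf REALM KDC_HOST OUTFILE
    cat > "$3" <<EOF
[libdefaults]
    default_realm = $1
    dns_lookup_kdc = false
    dns_lookup_realm = false
[realms]
    $1 = {
        kdc = $2
    }
EOF
}

# Set a fresh random password on the master, wait for propagation, then ask
# each KDC in isolation for a TGT. Returns 0 only if every KDC issued one.
probe_kdcs() {  # usage: probe_kdcs REALM ADMIN_PRINC KEYTAB TEST_PRINC DELAY KDC...
    realm=$1 admin=$2 keytab=$3 princ=$4 delay=$5; shift 5
    work=$(mktemp -d) || return 2
    pw=$(od -An -N24 -tx1 /dev/urandom | tr -d ' \n')
    # -pw exposes the password in kadmin's argv: use a throwaway test
    # principal only. If the change fails, every KDC below reports FAIL.
    kadmin -r "$realm" -p "$admin" -k -t "$keytab" \
        -q "cpw -pw $pw $princ" >/dev/null 2>&1
    sleep "$delay"
    failed=0
    for kdc in "$@"; do
        write_kdc_conf "$realm" "$kdc" "$work/krb5.conf"
        # MIT kinit reads the password from stdin when it is not a terminal.
        if printf '%s\n' "$pw" | KRB5_CONFIG="$work/krb5.conf" \
            KRB5CCNAME="FILE:$work/cc" kinit "$princ@$realm" >/dev/null 2>&1
        then echo "OK   $kdc"
        else echo "FAIL $kdc"; failed=1
        fi
    done
    rm -rf "$work"   # removes the temporary config and credential cache
    return "$failed"
}
```

Called as `probe_kdcs REALM ADMIN_PRINC KEYTAB TEST_PRINC DELAY KDC...`, it prints one OK or FAIL line per KDC and returns non-zero if any KDC failed, which suits a cron job or a monitoring check.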

