PID file ... not readable (yet?)
jwinius at umrk.nl
Sun Nov 5 05:36:43 EST 2017
My network uses KDCs with OpenLDAP backends that run on Debian wheezy.
That's all been working fine for a long time now, but earlier this
year I tried and failed to add a KDC with an OpenLDAP backend based on
Debian stretch (it runs, but can't authenticate properly to the KDC
master -- see thread "KDC 1.15 startup error: Invalid credentials -
while initializing database" starting 13 April 2017). I then set up
another KDC with an OpenLDAP backend based on Debian jessie and that
worked. However, one thing I believe I failed to mention in those
earlier posts was this startup error:
systemd: krb5-kdc.service: PID file /run/krb5-kdc.pid \
not readable (yet?) after start: No such file or directory
Perhaps I didn't mention it because the PID file never fails to appear
and always contains the correct PID, but apparently it does not appear
quickly enough. Does anyone know how to prevent this error? It's not
generated on the jessie system.
The krb5-kdc.service file for my stretch system is as follows:
Description=Kerberos 5 Key Distribution Center
ExecReload=/bin/kill -HUP $MAINPID
ExecStart=/usr/sbin/krb5kdc -P /run/krb5-kdc.pid $DAEMON_ARGS
InaccessibleDirectories=-/etc/ssh -/etc/ssl/private /root
ReadWriteDirectories=-/var/tmp /tmp /var/lib/krb5kdc -/var/run /run
Just today I moved krb5-kdc.service from /lib/systemd/system/ to
/etc/systemd/system/ after modifying it to add the log directory and
ran a "systemctl daemon-reload". I even ensured that the PIDFILE
setting in /etc/init.d/krb5-kdc points to the same name --
/run/krb5-kdc.pid -- but the result remains the same (although I
suspect that in this case /etc/init.d/krb5-kdc is ignored).
So, any idea how to prevent this PID file error?
More information about the Kerberos