Kadmin, portmap and mskrb-integ

Sam Hartman hartmans at MIT.EDU
Fri Jan 2 13:36:05 EST 2009

Luke has significantly abstracted the networking code of kadmind on the mskrb-integ branch.
However, doing so creates some behavior changes.

On the trunk, if svc_register for the kadmin service fails, then we
fail to start kadmind.  However we do not try to register with
portmap: the final argument to svc_register is 0.

On the trunk, we try to register iprop and if portmap registration fails, we continue anyway.

On mskr b-integ, we try to register everything with portmap, but if portmap registration fails, we shut down the RPC service in question and continue anyway.

Unfortunately, portmap registration seems somewhat fragile in
practice.  As a result, you basically never make it through the
regression tests on the mskrb-integ branch because kadmind will end up
failing to register its rpc service at once.  You also get the very
confusing situation of a kadmind that is responding to change password
requests but not RPC requests.

In the interests of making forward progress I'm disabling all portmap registrations on the mskrb-integ branch, but this is probably not the ideal long-term solution.

I think the abstraction Luke has done is good, but it makes us think a
bit more about the behavior we want.


More information about the krbdev mailing list