Kadmin, portmap and mskrb-integ
Luke Howard
lukeh at padl.com
Fri Jan 2 16:58:20 EST 2009
On 03/01/2009, at 5:36 AM, Sam Hartman wrote:
>
>
> Luke has significantly abstracted the networking code of kadmind on
> the mskrb-integ branch.
> However, doing so creates some behavior changes.
>
> On the trunk, if svc_register for the kadmin service fails, then we
> fail to start kadmind. However we do not try to register with
> portmap: the final argument to svc_register is 0.
>
> On the trunk, we try to register iprop and if portmap registration
> fails, we continue anyway.
>
> On mskr b-integ, we try to register everything with portmap, but if
> portmap registration fails, we shut down the RPC service in question
> and continue anyway.
Ah, OK, I obviously didn't look at the original code too closely.
> Unfortunately, portmap registration seems somewhat fragile in
> practice. As a result, you basically never make it through the
> regression tests on the mskrb-integ branch because kadmind will end up
> failing to register its rpc service at once. You also get the very
> confusing situation of a kadmind that is responding to change password
> requests but not RPC requests.
>
> In the interests of making forward progress I'm disabling all
> portmap registrations on the mskrb-integ branch, but this is
> probably not the ideal long-term solution.
>
> I think the abstraction Luke has done is good, but it makes us think a
> bit more about the behavior we want.
We can make RPC registration failure a fatal error, perhaps?
--luke
More information about the krbdev
mailing list