Kadmin, portmap and mskrb-integ

Luke Howard lukeh at padl.com
Fri Jan 2 16:58:20 EST 2009

On 03/01/2009, at 5:36 AM, Sam Hartman wrote:

> Luke has significantly abstracted the networking code of kadmind on  
> the mskrb-integ branch.
> However, doing so creates some behavior changes.
> On the trunk, if svc_register for the kadmin service fails, then we
> fail to start kadmind.  However we do not try to register with
> portmap: the final argument to svc_register is 0.
> On the trunk, we try to register iprop and if portmap registration  
> fails, we continue anyway.
> On mskr b-integ, we try to register everything with portmap, but if  
> portmap registration fails, we shut down the RPC service in question  
> and continue anyway.

Ah, OK, I obviously didn't look at the original code too closely.

> Unfortunately, portmap registration seems somewhat fragile in
> practice.  As a result, you basically never make it through the
> regression tests on the mskrb-integ branch because kadmind will end up
> failing to register its rpc service at once.  You also get the very
> confusing situation of a kadmind that is responding to change password
> requests but not RPC requests.
> In the interests of making forward progress I'm disabling all  
> portmap registrations on the mskrb-integ branch, but this is  
> probably not the ideal long-term solution.
> I think the abstraction Luke has done is good, but it makes us think a
> bit more about the behavior we want.

We can make RPC registration failure a fatal error, perhaps?


More information about the krbdev mailing list