issue with MIT KDC and LDAP DS
Ken Raeburn
raeburn at MIT.EDU
Tue May 26 19:17:19 EDT 2009
BTW, getting back on track with Will's idea:

As originally stated, I think it's a good idea and an improvement over
the current status, and should be implemented. Minor points: We might
want the option for the KDC to be silent instead of returning an
error. And, as I mentioned in a paragraph buried in the middle of my
Saturday ramblings^H^H^H^H^H^H^H^H^Hemail, LDAP server unavailability
might be a "tempfail" situation, but I think we still want hard
failures (i.e., KDC errors out) for cases like the DB2 database not
existing, or the LDAP server being available but the KDB data not
being there.

Improvements like the "background" reconnection Jeff suggests would
also be good but can wait for later, and possibly be examined in a
larger-scale redesign.

--
Ken Raeburn / raeburn at mit.edu / no longer at MIT Kerberos Consortium