What is kinit waiting for?
Greg Hudson
ghudson at mit.edu
Mon Dec 14 10:39:33 EST 2015
On 12/14/2015 03:50 AM, Wang Weijun wrote:
> [12207] 1450082324.188447: Received answer (645 bytes) from dgram 127.0.0.1:9090
> [12207] 1450082384.195594: Response was not from master KDC
> As you can see, after "Received answer (645 bytes) from dgram 127.0.0.1:9090", the tool waited for another 1 minute and printed out "Response was not from master KDC". What does this mean? The krb5.conf is simply
> [realms]
> R = {
> kdc = 127.0.0.1:9090
> }
Most likely kinit is performing a SRV query to find out if the response
was from a master KDC, and it is timing out. There are two known
problems at play here:
http://krbdev.mit.edu/rt/Ticket/Display.html?id=7721
http://krbdev.mit.edu/rt/Ticket/Display.html?id=6782
You can suppress the SRV query by defining a master_kdc value in the
realm configuration (there is, unfortunately, no way to say "there are
no master KDCs" at present) or by setting dns_lookup_kdc = false in
[libdefaults].
More information about the krbdev
mailing list