[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: heimdal 0.1d patches: verbose hprop -K, kaserver switch, keytab fallback
In message <email@example.com>, Johan Danielsson writes:
| "Brandon S. Allbery KF8NH" <firstname.lastname@example.org> writes:
| > The main reason for this option is so that heimdal's KDC can be
| > run in parallel with an existing kaserver in order to transfer the
| > kaserver.DB0 before shutting down the kaserver and bringing up kdc
| > as a kaserver.
| Which won't work well, since the (unpatched) kaserver listens to both
| port kerbero5/udp (88), and kerberos/udp (750). So you still need to
| move your kdc to some other port, and then you might as well respond
| to kaserver talk (not that you're gonna get any).
I expected that to be a problem, but it wasn't. What happened instead was
that the most recently started listener on the port got the packets (which is
why AFS broke; the KDC log showed that it was trying to service KA requests).
I'm guessing that I've discovered a Solaris 2.6 peculiarity....
brandon s. allbery [os/2][linux][solaris][japh] email@example.com
system administrator [WAY too many hats] firstname.lastname@example.org
carnegie mellon / electrical and computer engineering KF8NH
We are Linux. Resistance is an indication that you missed the point.