[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: heimdal 0.1d patches: verbose hprop -K, kaserver switch, keytab fallback

In message <xofn2066us0.fsf@blubb.pdc.kth.se>, Johan Danielsson writes:
| "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> writes:
| >   The main reason for this option is so that heimdal's KDC can be
| >   run in parallel with an existing kaserver in order to transfer the
| >   kaserver.DB0 before shutting down the kaserver and bringing up kdc
| >   as a kaserver.
| Which won't work well, since the (unpatched) kaserver listens to both
| port kerbero5/udp (88), and kerberos/udp (750). So you still need to
| move your kdc to some other port, and then you might as well respond
| to kaserver talk (not that you're gonna get any).

I expected that to be a problem, but it wasn't.  What happened instead was
that the most recently started listener on the port got the packets (which is
why AFS broke; the KDC log showed that it was trying to service KA requests).

I'm guessing that I've discovered a Solaris 2.6 peculiarity....

brandon s. allbery	[os/2][linux][solaris][japh]	 allbery@kf8nh.apk.net
system administrator	     [WAY too many hats]	   allbery@ece.cmu.edu
carnegie mellon / electrical and computer engineering			 KF8NH
     We are Linux. Resistance is an indication that you missed the point.