Subject: Re: kerb problems (Re: can't migrate master key to Heimdal)
To: Frank van der Linden <frank@wins.uva.nl>
From: one more medicated peaceful moment <dive@endersgame.net>
List: tech-crypto
Date: 07/02/2000 06:24:19
true, the delays aren't that long, they're just mostly an annoyance. and
i've never had kerb configured on here, never even had it on the box at
all until i up'd to 1.5, and thats when it started. i'm willing to bet
that its going to end up being a one line fix in some file somewhere easy
too :-)

apparently Shaded from #netbsd is having the same problem, too.

On Sun, 2 Jul 2000, Frank van der Linden wrote:

> Date: Sun, 2 Jul 2000 12:21:22 +0200
> From: Frank van der Linden <frank@wins.uva.nl>
> To: one more medicated peaceful moment <dive@endersgame.net>
> Cc: tech-crypto@netbsd.org, current-users@netbsd.org
> Subject: Re: kerb problems (Re: can't migrate master key to Heimdal)
> 
> On Sat, Jul 01, 2000 at 09:56:57PM -0400, one more medicated peaceful moment wrote:
> > I have been having problems with kerberos since going to 1.5 as well, on
> > my system i cant figure out how to make it *not* try and authenticate with
> > kerberos... so login/su/etc all try to find a krb realm and block for a
> > few seconds while they wait for the gethostbyname to timeout. I sent a pr
> > about this and recieved no response, does anyone know how to fix it?
> 
> There are actually 2 parts to this problem. The first part is that
> the code currently isn't capable of detecting whether krb is configured
> or not. The second part was, that timeouts in name lookups where
> long. If you do not have a nameserver configured, the DNS code will
> fall back to localhost. However, because of ICMP rate checks,
> retries will take long (the ICMP error packets enabling the code
> to see that named isn't running are limited in rate).
> 
> Bill Sommerfeld fixed this problem in -current, and the long timeouts
> are now history for me. I assume that this change will be pulled up
> into the 1.5 branch.
> 
> The other problem still needs to be solved, though.
> 
> - Frank
> 

/~~~~~~~~~~~~~~~~~~~~~~~~\
|        sean davis       |
| chief technical officer |
|  black hat networks(r)  |
\________________________/

"Better to be paranoid than to be owned."
        -dive