tech-crypto archive


Re: kerb problems (Re: can't migrate master key to Heimdal)



true, the delays aren't that long, they're just mostly an annoyance. and
i've never had kerb configured on here, never even had it on the box at
all until i up'd to 1.5, and that's when it started. i'm willing to bet
that it's going to end up being a one line fix in some file somewhere easy
too :-)

apparently Shaded from #netbsd is having the same problem, too.

On Sun, 2 Jul 2000, Frank van der Linden wrote:

> Date: Sun, 2 Jul 2000 12:21:22 +0200
> From: Frank van der Linden <frank%wins.uva.nl@localhost>
> To: one more medicated peaceful moment <dive%endersgame.net@localhost>
> Cc: tech-crypto%netbsd.org@localhost, current-users%netbsd.org@localhost
> Subject: Re: kerb problems (Re: can't migrate master key to Heimdal)
> 
> On Sat, Jul 01, 2000 at 09:56:57PM -0400, one more medicated peaceful moment 
> wrote:
> > I have been having problems with kerberos since going to 1.5 as well, on
> > my system i can't figure out how to make it *not* try and authenticate with
> > kerberos... so login/su/etc all try to find a krb realm and block for a
> > few seconds while they wait for the gethostbyname to timeout. I sent a pr
> > about this and received no response, does anyone know how to fix it?
> 
> There are actually 2 parts to this problem. The first part is that
> the code currently isn't capable of detecting whether krb is configured
> or not. The second part was that timeouts in name lookups were
> long. If you do not have a nameserver configured, the DNS code will
> fall back to localhost. However, because of ICMP rate checks,
> retries will take long (the ICMP error packets enabling the code
> to see that named isn't running are limited in rate).
> 
> Bill Sommerfeld fixed this problem in -current, and the long timeouts
> are now history for me. I assume that this change will be pulled up
> into the 1.5 branch.
> 
> The other problem still needs to be solved, though.
> 
> - Frank
> 

/~~~~~~~~~~~~~~~~~~~~~~~~\
|        sean davis       |
| chief technical officer |
|  black hat networks(r)  |
\________________________/

"Better to be paranoid than to be owned."
        -dive



