Anton Dunaev <tosha...@yandex.ru> writes: > I've MIT Kerberos and OpenLDAP servers in local network domain. OpenLDAP > server is set in such a way that it requires valid Kerberos ticket from > client in order to querying values.
> In such setup client machine obviously shall obtain valid ticket before > domain users can login. This is the problem k5start is supposed to solve > when it is started via nslcd init script. > But when client machine boots k5start dies and reports about failure > contacting KDC server which is surely running and functioning. This > results to unability for domain users to login. With the current version of k5start, you have to ensure that the network is up and running before invoking k5start. If the first authentication fails, the daemon will fail to start. I'm fairly sure the problem you're running into is that the nslcd init script does not arrange to do this. The next release of k5start, as soon as I get a chance to finish it, will continue running even if the initial authentication fails. This appears to be more generally useful behavior. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
