On Sat, 5 Sep 2015, Kevin Otte wrote: > krb5kdc fails to bind to the IPv6 addresses on the system at startup. > Workaround is a manual service restart on every boot.
It seems that this is fallout from systemd's ideas about starting up the network, since the KDC just loops over the available interfaces once at startup, as befits a service intended to be deployed on a dedicated server in a controlled network. It looks like the krb5-kdc unit implicitly depends on network.target, but not network-online.target. The documentation for network-online.target is unclear about whether it will wait for the v6 addresses to be up or just continue once there's a single routable address, v4 or v6, but it's probably worth trying. I think the easiest way to do so would be to add a file /etc/systemd/system/krb5-kdc.d/networkd-online.conf with the contents: [Unit] After=network-online.target If that helps, we should probably add the network-online.target dependency to the distributed krb5-kdc.service. Thanks, Ben Kaduk
