[Bug 278395] security/krb5: KDC has some issues if its LDAP servers are down

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 16 Apr 2024 21:43:12 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278395

            Bug ID: 278395
           Summary: security/krb5: KDC has some issues if its LDAP servers
                    are down
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: cy@FreeBSD.org
          Reporter: lexi.freebsd@le-fay.org
             Flags: maintainer-feedback?(cy@FreeBSD.org)

i might work up a patch for this but i thought i'd submit the bug first in case
you have any ideas.

the problem is this: if KDC is configured with an LDAP backend, and it can't
connect to its LDAP server(s) on startup, it will exit and never restart --
which makes it awkward to run if e.g. slapd and kdc are in different jails.

this also makes me concerned that, if it's running and all its LDAP servers go
down, it might exit and never restart.

so i'm wondering if the rc.d script should start kdc using daemon(8) with -r,
to ensure it's restarted if it exits.  but... it seems like security/krb5
doesn't provide its own init script, it relies on /etc/rc.d/kdc, so this might
be more of a src issue.
