Russ Allbery <[EMAIL PROTECTED]> writes: > Simon Josefsson <[EMAIL PROTECTED]> writes: > >> The --background parameter to start-stop-daemon appear to work, and seem >> to be the fastest way to solve this problem, so I propose to do it that >> way. Do you see any problem with this? I've asked the original >> reported to test it. > > It's fine as a short-term solution; the problem with it in the longer term > is described in the start-stop-daemon man page. (It means that the init > script can't detect errors in startup.)
Yup. I looked into it quickly, and it wasn't clear where to do the fork(). The obvious place to do it is right before the call to kdc_loop() in shishid.c, but if GnuTLS is used, the Diffie-Hellman parameters are generated before that, and that can take a while. Thus, it may yield faster startup times to move fork() earlier, but I couldn't find an obvious place then. I think I'll implement my first idea now, and if the delay for generating the D-H parameters is causing problems for someone, then add a way to store the D-H parameters on disk. The proper design is actually to have a separate process generate the D-H parameters every 12th hour or so, and not have shishid generate them at all, and have the second process send a SIGHUP to shishid to have it re-read the parameters. Currently the D-H parameters are used until you re-start shishid which isn't good (although compared to everything else, rather unimportant). Btw, I'm making progress on pre-auth support... it won't be perfect (non-default salt's won't be supported initially) but I hope to get it into 0.0.24 and release that soon. Thanks. _______________________________________________ Help-shishi mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-shishi
