this is fixed at least in 16.04, from
/lib/systemd/system/krb5-kdc.service.d/slapd-before-kdc.conf:
After=slapd.service
** Changed in: krb5 (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is
Thanks you very much for the help! I've added sleep 1 at the end of the
slapd init script and now everything starts fine.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/652433
Title:
Excerpts from Clint Byrum's message of Wed Aug 17 10:56:55 -0700 2011:
Excerpts from Ryan Tandy's message of Wed Aug 17 17:29:36 UTC 2011:
I have noticed that the slapd init script terminates before slapd is
actually ready to accept connections, and I think that is the problem
you're having
Thanks Clint for following up on that. I added the service-operational-
before-detach patch from oneiric to my slapd and from initial testing it
looks like it works as advertised. With that change (and the init
scripts re-ordered) my kdc is now starting properly even on fast
machines.
--
You
I believe that the proposed solution is not enough.
$ ls -l rc2.d/
total 12
drwxr-xr-x 2 root root 4096 2011-08-17 16:18 ./
drwxr-xr-x 102 root root 4096 2011-08-17 15:56 ../
-rw-r--r-- 1 root root 677 2011-06-09 21:46 README
lrwxrwxrwx 1 root root 15 2011-08-09 18:26 S15bind9 -
Excerpts from Fede's message of Wed Aug 17 15:27:24 UTC 2011:
I believe that the proposed solution is not enough.
$ ls -l rc2.d/
total 12
drwxr-xr-x 2 root root 4096 2011-08-17 16:18 ./
drwxr-xr-x 102 root root 4096 2011-08-17 15:56 ../
-rw-r--r-- 1 root root 677 2011-06-09 21:46
I have noticed that the slapd init script terminates before slapd is
actually ready to accept connections, and I think that is the problem
you're having too. In my scripts that stop/start slapd I always have to
insert a 'sleep 1' before I can do any LDAP operations. I've also
noticed that on a
Excerpts from Ryan Tandy's message of Wed Aug 17 17:29:36 UTC 2011:
I have noticed that the slapd init script terminates before slapd is
actually ready to accept connections, and I think that is the problem
you're having too. In my scripts that stop/start slapd I always have to
insert a
Ok, so now I'm confused. This should have been fixed in Debian, as Sam
Hartman shows us, here:
krb5 (1.8.1+dfsg-3) unstable; urgency=high
* CVE-2010-1321 GSS-API accept sec context null pointer deref, Closes:
#582261
* Force use of bash for build, Closes: #581473
* Start slapd before
I'm not against including a patch in the Debian package to reduce Ubuntu
deltas. I want to make sure that things continue to work if inserv is
used as that's where Debian is going. If we can preserve that, I think
that having a patch mostly intended for Ubuntu is fine.
--
You received this bug
Russ Allbery wrote on 2010-09-30:
It's definitely a problem for the KDC to start after the LDAP
server if the LDAP server is using Kerberos for authentication,
which is probably still a more common configuration than
putting the KDC data in LDAP.
I am putting Kerberos Data into an
Clint Byrum:
This is not an opinion. It is a necessity if you like to have stable running
systems. At the moment kdc will not run after a reboot. I suppose this being an
error, not an opinion.
If Ubuntu wants parts of the server market, than change this! A simple reboot
should not break a
Thomas Schweikle 652...@bugs.launchpad.net writes:
LDAP ist robust against kerberos not running at the moment slapd
starts.
I'm not sure that this is the case for an LDAP replica that uses GSS-API
to authenticate to the master, since I believe the very first thing that
slapd does is attempt the
In Debian unstable installing krb5-kdxc-ldap automatically changes the
order. This could be backported.
Clint Byrum cl...@fewbar.com wrote:
Since both services may depend on the other in ways that will break, we
can only support a default configuration.
The server guide currently does not have
Since both services may depend on the other in ways that will break, we
can only support a default configuration.
The server guide currently does not have kerberos depending on LDAP, nor
does it suggest LDAP depend on kerberos.
So, the current configuration is probably sufficient, and
Forgot to say that this is Ubuntu 10.04.
--
Init script dependency error: krb5-kdc starts before slapd
https://bugs.launchpad.net/bugs/652433
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to krb5 in ubuntu.
--
Ubuntu-server-bugs mailing
Russ, you are right.
But in what case does LDAP performs an authentication using Kerberos on local
machine? I cannot imagine what for can LDAP use local kerberos authentication.
I am not very skilled in all these and my questions may be a little bit stupid
:-[ I just can suppose that Kerberos
infestator bet...@gmail.com writes:
Russ, you are right.
But in what case does LDAP performs an authentication using Kerberos on
local machine? I cannot imagine what for can LDAP use local kerberos
authentication.
The case that's most often cited is if you're co-locating infrastructure
on
18 matches
Mail list logo