Russ Allbery wrote on 2010-09-30: > It's definitely a problem for the KDC to start after the LDAP > server if the LDAP server is using Kerberos for authentication, > which is probably still a more common configuration than > putting the KDC data in LDAP.
I am putting Kerberos Data into an LDAP-Server since this is possible. Kerberos depends on LDAP, but it doesn't mater if kerberos isn't up and running --- you can assume having both servers on one and the same system in such cases and ldap configured to use sockets or local interfaces only communication with kdc or kadmin. If not you'll have a biddy and egg problem. But it is absolutely not usefull to have slapd start *AFTER* krb5-kdc: it can't get any neccessary data this way. > Unfortunately, both init script orderings break different things > for different people. What really needs to happen is that one > or the other (or preferrably both) services need to be robust > against the other service not yet being initialized. LDAP ist robust against kerberos not running at the moment slapd starts. Kerberos can't be robust about that. No way. If it stores data in LDAP it has to have access to the server. At the moment this breaks the whole thing. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to krb5 in ubuntu. https://bugs.launchpad.net/bugs/652433 Title: Init script dependency error: krb5-kdc starts before slapd -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
