[3124] in Kerberos
re: kerberos won't start
daemon@ATHENA.MIT.EDU (Mark W. Eichin)
Sun Apr 17 01:45:58 1994
Date: Sun, 17 Apr 94 01:34:08 EDT
From: "Mark W. Eichin" <eichin@cygnus.com>
To: kerberos@MIT.EDU

The problem, under SunOS, is usually that you've started the KDC (i.e.
the "kerberos" program itself) after something else has the port. It
turns out that 750 is in the range of ports that the "portmapper" will
assign to other services. Whether or not it grabs 750 seems
timing-dependent, and it isn't always the same service that gets it
(sometimes rpc.mountd, sometimes rpc.statd, sometimes others.)

The fixes are to (1) start kerberos *before* portmapper (i.e. at the
beginning of /etc/rc.local, before the /usr/etc/portmap check) (2) Run
the service using the registered port (88?) instead of 750 (which may
affect interoperation with other sites already deployed.)

SO_REUSEADDR is inappropriate. Also, rebooting the system *does*
"clear all old sockets" -- sockets are only data structures in kernel
memory, after all.

Seeing something bound to the kerberos port using netstat doesn't tell
you what process it actually *is* -- though a combination of pstat,
netstat -A (yes, upper-case A) and ofiles should tell you which
process it actually is. Also, sometimes it will randomly work anyhow.

_Mark_ <eichin@cygnus.com>
Cygnus Support
Cygnus Network Security <network-security@cygnus.com>
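
Added example, not part of the original message: a shell check that reads a portmapper listing and reports any RPC service registered on a port the KDC wants (750, or the registered port 88), which is the conflict described above. It assumes `rpcinfo -p` is available on the host and that awk is a POSIX awk; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Ports the KDC may bind: 750 (the port in the message) and 88 (registered port).
KDC_PORTS="${KDC_PORTS:-750 88}"

# Read `rpcinfo -p` output on stdin. Print "port proto program service" once per
# RPC program/protocol registered on one of the KDC ports.
kdc_port_conflicts() {
    awk -v ports="$KDC_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        # Data rows are: program vers proto port [service]. The header row is
        # skipped because its first field is not numeric.
        $1 ~ /^[0-9]+$/ && ($4 in want) {
            svc = ($5 == "") ? "unknown" : $5
            key = $4 "/" $3 "/" $1          # collapse multiple versions
            if (!(key in seen)) { seen[key] = 1; print $4, $3, $1, svc }
        }'
}

# Same check with an exit status, so a boot script can act on it:
# returns 1 and prints the conflicts when a KDC port is already taken.
check_kdc_ports() {
    conflicts=$(kdc_port_conflicts)
    if [ -n "$conflicts" ]; then
        echo "$conflicts"
        return 1
    fi
    return 0
}

# Constructed sample listing (not captured from a real host): mountd and
# statd ("status") have been handed port 750 by the portmapper.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp    750  mountd
    100005    2   udp    750  mountd
    100024    1   udp    748  status
    100024    1   tcp    750  status
EOF
}

# Live use: pass --live to check the local portmapper instead of the sample.
if [ "${1:-}" = "--live" ]; then
    rpcinfo -p | check_kdc_ports
fi
```

A clean result only means no RPC registration holds the port; a non-RPC process bound to it will not appear in the portmapper listing.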