[35984] in Kerberos
Re: ping for kdc utility?
daemon@ATHENA.MIT.EDU (Tom Yu)
Wed Apr 2 16:01:49 2014
To: Wang Shouhua <shouhuaw@gmail.com>
From: Tom Yu <tlyu@mit.edu>
Date: Wed, 02 Apr 2014 16:01:29 -0400
In-Reply-To: <CANzOW+KSEOtpp14+SErRSERpR_fQJy32zi8rwfj3Msf4txyFtw@mail.gmail.com>
(Wang Shouhua's message of "Wed, 2 Apr 2014 21:50:36 +0200")
Message-ID: <ldv8urnlcva.fsf@cathode-dark-space.mit.edu>
MIME-Version: 1.0
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Wang Shouhua <shouhuaw@gmail.com> writes:
> On 2 April 2014 21:46, Benjamin Kaduk <kaduk@mit.edu> wrote:
>> On Wed, 2 Apr 2014, Wang Shouhua wrote:
>>
>>> Is there such an utility which can issue a "ping" (null command) to
>>> the kdc to see if it is still responding?
>>
>>
>> I'm not aware of a dedicated utility. However, the KDC is basically a
>> stateless UDP service, so recording a live transaction and replaying an
>> input packet is expected to yield some sort of response packet. Doing this
>> periodically allows for a very primitive "liveness check" which can be used
>> in some monitoring setups. Of course, if one wants to monitor that the KDC
>> is actually functioning properly and not just spewing error packets, more
>> effort is required.
>
> Does the Kerberos5 core protocol have a 'null' operation?
It does not, unless you count correctly formatted yet invalid KDC-REQs
that can elicit KRB-ERROR messages. If you don't count that, could
you describe why having a null operation is important for your
purposes?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
