[35986] in Kerberos
Re: ping for kdc utility?
daemon@ATHENA.MIT.EDU (Wang Shouhua)
Wed Apr 2 16:11:37 2014
MIME-Version: 1.0
In-Reply-To: <ldv8urnlcva.fsf@cathode-dark-space.mit.edu>
Date: Wed, 2 Apr 2014 22:11:16 +0200
Message-ID: <CANzOW+JHB8JzpLXSo5AnvgwNyyJ5ue5uuFG5mqC8b2kjEtL6DQ@mail.gmail.com>
From: Wang Shouhua <shouhuaw@gmail.com>
To: Tom Yu <tlyu@mit.edu>
Cc: kerberos@mit.edu
Content-Type: multipart/mixed; boundary="===============0131956130=="
Errors-To: kerberos-bounces@mit.edu
--===============0131956130==
Content-Type: text/plain; charset=GB2312
Content-Transfer-Encoding: 8bit
On 2 April 2014 22:01, Tom Yu <tlyu@mit.edu> wrote:
> Wang Shouhua <shouhuaw@gmail.com> writes:
>
>> On 2 April 2014 21:46, Benjamin Kaduk <kaduk@mit.edu> wrote:
>>> On Wed, 2 Apr 2014, Wang Shouhua wrote:
>>>
>>>> Is there such an utility which can issue a "ping" (null command) to
>>>> the kdc to see if it is still responding?
>>>
>>>
>>> I'm not aware of a dedicated utility. However, the KDC is basically a
>>> stateless UDP service, so recording a live transaction and replaying an
>>> input packet is expected to yield some sort of response packet. Doing this
>>> periodically allows for a very primitive "liveness check" which can be used
>>> in some monitoring setups. Of course, if one wants to monitor that the KDC
>>> is actually functioning properly and not just spewing error packets, more
>>> effort is required.
>>
>> Does the Kerberos5 core protocol have a 'null' operation?
>
> It does not, unless you count correctly formatted yet invalid KDC-REQs
> that can elicit KRB-ERROR messages. If you don't count that, could
> you describe why having a null operation is important for your
> purposes?
To see if the KDC is still 'alive and kicking'. Apparently some
students-as-admins here spend the night trying to find a problem in
our Kerberos setup the whole night and they are very exhausted. The
problem turned out to be a switch/firewall problem which caused the
KDC to stop processing requests after some time, something which could
have been diagnosed much earlier using a dedicated utility.
Wang
--
Wang Shouhua - shouhuaw@gmail.com
中华人民共和国科学技术部 - HTTP://WWW.MOST.GOV.CN
--===============0131956130==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0131956130==--
