[2771] in Kerberos
Re: KDC shutdown
daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Thu Aug 5 21:03:02 1993
Date: Thu, 5 Aug 93 20:45:31 EDT
From: tytso@Athena.MIT.EDU (Theodore Ts'o)
To: athey@lorien.ocf.llnl.gov
Cc: ramus@nersc.gov, kerberos@Athena.MIT.EDU
In-Reply-To: Charles L. Athey III's message of Thu, 5 Aug 93 09:27:15 PDT,
Date: Thu, 5 Aug 93 09:27:15 PDT
From: athey@lorien.ocf.llnl.gov (Charles L. Athey III)
>Yes, it most certainly is safe. The Kerberos KDC only opens the
>Kerberos database in readonly mode. It is the kadmind which gets
>involved with someone changing their password, and even if there isn't
>now, there ought to be code so that it will clean up and exit after
>receiving a normal kill signal.
>
> - Ted
Ted's is corrected - it is safe BUT if you are running Sandia's version the
database might very well be open read-write. Sandia's version has
the option of running in readonly or read-write mode.
The more I think about it, the more I believe Sandia's changes to open
the database in read/write are a mistake. A much better idea is to keep
last-accessed and failure count information in a separate dbm file, so
that the KDC can still be opened read/only. That way, if a crash takes
out the dbm file, you're much less likely to have a disaster on your
hands.
- Ted
