Page MenuHomeFreeBSD
Differential D44898

kdc: Add restart option
ClosedPublic
Actions

Authored by cy on Mon, Apr 22, 3:32 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, May 3, 3:23 AM
Unknown Object (File)
Sun, Apr 28, 12:31 PM
Unknown Object (File)
Sat, Apr 27, 5:52 PM
Unknown Object (File)
Fri, Apr 26, 1:26 AM
Unknown Object (File)
Fri, Apr 26, 1:25 AM
Unknown Object (File)
Fri, Apr 26, 1:24 AM
Unknown Object (File)
Fri, Apr 26, 1:24 AM
Unknown Object (File)
Fri, Apr 26, 1:23 AM
View All 14 Files
Subscribers
None

Details

Reviewers
imp
emaste
lexi_le-fay.org
Commits
rGe750111ced03: kdc: Add restart option
rGabc4b3088941: kdc: Add restart option
rG9e248b7f645c: kdc: Add restart option
Summary

Add a new kdc_restart rc variable that manages kdc (or krb5kdc) under
aemon(8). This automatically restarts the kdc should it fail, i.e.
when it's configured to use LDAP as a backend and cannot connect to its
LDAP directory.




Set kdc_restart="YES" to auto restart kdc on abnormal termination.



Set kdc_restart_delay="N" to the number of seconds to delay before

restarting the kdc. The daemon(8) default seconds applies when not set.



Reported by:    Lexi Winter <lexi.freebsd@le-fay.org>

PR:             278395
Test Plan
Tested locally.



Tested in PR/278395
Diff Detail
Repository 
rG FreeBSD src repository 
Lint 
Lint Not Applicable
 
Unit 
Tests Not Applicable
 
Event Timeline
cy requested review of this revision.Mon, Apr 22, 3:32 AM
cy created this revision.
cy updated this revision to Diff 137478.Mon, Apr 22, 3:40 AM
Remove last "DEFAULT" remnant.
lexi_le-fay.org added a comment.Mon, Apr 22, 9:14 PM
tested this with MIT kerberos (security/krb5 1.21.2_3) on: FreeBSD 15.0-CURRENT #13 lf/main-n268972-9ef33a35bd71: Fri Mar 29 23:12:04 GMT 2024     srcmastr@daphne.eden.le-fay.org:/src/obj/src/freebsd/lf/main/arm64.aarch64/sys/LF



i noticed one issue: if kdc_restart=YES and kdc doesn't start (e.g. LDAP is down), 'service stop' doesn't work; daemon continues trying to start kdc forever and 'service kdc stop' hangs until timeout.  i think it would be better if 'service kdc stop' immediately killed the daemon process.



aside from that, it seems to work fine: if LDAP is down, kdc keeps trying to start until LDAP comes back up.
libexec/rc/rc.d/kdc


16
i think this should be "kdc_restart_delay" (lowercase) to match other instances of this option.
cy added inline comments.Tue, Apr 23, 12:40 PM
libexec/rc/rc.d/kdc


16
Oops. Old habits die hard.
cy updated this revision to Diff 137545.Tue, Apr 23, 12:41 PM
Fix a stupid typo.
This revision was not accepted when it landed; it landed in state Needs Review.Wed, Apr 24, 5:55 AM
Closed by commit rG9e248b7f645c: kdc: Add restart option (authored by cy).  ·  Explain Why
This revision was automatically updated to reflect the committed changes.
cy added a commit: rG9e248b7f645c: kdc: Add restart option.
cy added a commit: rGabc4b3088941: kdc: Add restart option.Mon, Apr 29, 12:51 PM
cy added a commit: rGe750111ced03: kdc: Add restart option.
Revision Contents
Changeset List
PathSize
libexec/
rc/
2 lines
rc.d/
29 lines
Diff 137596
View Options
libexec/rc/rc.conf
Loading...
View Options
libexec/rc/rc.d/kdc
Loading...