[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Debian shishi package bug

From: Simon Josefsson
Subject: Re: Debian shishi package bug
Date: Tue, 18 Apr 2006 18:36:24 +0200
User-agent: Gnus/5.110005 (No Gnus v0.5) Emacs/22.0.50 (gnu/linux)

Russ Allbery <address@hidden> writes:

> Simon Josefsson <address@hidden> writes:
>> The --background parameter to start-stop-daemon appear to work, and seem
>> to be the fastest way to solve this problem, so I propose to do it that
>> way.  Do you see any problem with this?  I've asked the original
>> reported to test it.
> It's fine as a short-term solution; the problem with it in the longer term
> is described in the start-stop-daemon man page.  (It means that the init
> script can't detect errors in startup.)

Yup.  I looked into it quickly, and it wasn't clear where to do the
fork().  The obvious place to do it is right before the call to
kdc_loop() in shishid.c, but if GnuTLS is used, the Diffie-Hellman
parameters are generated before that, and that can take a while.
Thus, it may yield faster startup times to move fork() earlier, but I
couldn't find an obvious place then.

I think I'll implement my first idea now, and if the delay for
generating the D-H parameters is causing problems for someone, then
add a way to store the D-H parameters on disk.  The proper design is
actually to have a separate process generate the D-H parameters every
12th hour or so, and not have shishid generate them at all, and have
the second process send a SIGHUP to shishid to have it re-read the
parameters.  Currently the D-H parameters are used until you re-start
shishid which isn't good (although compared to everything else, rather

Btw, I'm making progress on pre-auth support...  it won't be perfect
(non-default salt's won't be supported initially) but I hope to get it
into 0.0.24 and release that soon.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]