On Tue, Apr 09, 2013 at 10:01:50AM -0700, Russ Allbery wrote: > Dominic Hargreaves <dominic.hargrea...@it.ox.ac.uk> writes: > > > Whilst troubleshooting an issue with startup of a daemon invoked via > > k5start and supervise, we noticed that k5start appears to exit, rather > > than retrying, if it is unable to resolve DNS (in this case, the local > > caching resolver was not started, owing to system startup dependency > > issues), whist getting AFS tokens. Here's a manual test with the > > resolver down. > > Yeah, this is a bug in 4.1 that's fixed in Git. I need to get a 4.2 > release out. 4.1 retries on any failure *except* the very first > authentication. (That was originally intentional, but I've become > convinced that it was a bad idea.) > > I can backport 4.2 to wheezy once the release (both kstart and wheezy) are > out. The version at: > > git://git.eyrie.org/kerberos/kstart.git > > should work as you expect if you are running into this enough that it > makes sense to build a local package in the interim.
Thanks for the prompt reply, and sorry I didn't check git for fixes :) We have worked around the issue for now by fixing our resolvers to be started by the Debian init system rather than daemontools for now (dependency based sequencing and daemontools really don't play well, sadly) so it is enough to know that a fix is in the pipeline. Cheers, Dominic. -- Dominic Hargreaves, Systems Development and Support Section IT Services, University of Oxford
signature.asc
Description: Digital signature
