Wang Shouhua <shouh...@gmail.com> writes: > On 2 April 2014 21:46, Benjamin Kaduk <ka...@mit.edu> wrote: >> On Wed, 2 Apr 2014, Wang Shouhua wrote: >> >>> Is there such an utility which can issue a "ping" (null command) to >>> the kdc to see if it is still responding? >> >> >> I'm not aware of a dedicated utility. However, the KDC is basically a >> stateless UDP service, so recording a live transaction and replaying an >> input packet is expected to yield some sort of response packet. Doing this >> periodically allows for a very primitive "liveness check" which can be used >> in some monitoring setups. Of course, if one wants to monitor that the KDC >> is actually functioning properly and not just spewing error packets, more >> effort is required. > > Does the Kerberos5 core protocol have a 'null' operation?
It does not, unless you count correctly formatted yet invalid KDC-REQs that can elicit KRB-ERROR messages. If you don't count that, could you describe why having a null operation is important for your purposes? ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos