[36104] in Kerberos
kadmin authentication fallback to master?
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Sat May 10 15:43:11 2014
Date: Sat, 10 May 2014 15:42:40 -0400
From: John Devitofranceschi <jdvf@optonline.net>
To: kerberos@mit.edu
Message-id: <3E3893DD-7DF6-4A62-82D2-39AD8B766BD7@optonline.net>
MIME-version: 1.0
Content-Type: multipart/mixed; boundary="===============0149084955=="
Errors-To: kerberos-bounces@mit.edu
--===============0149084955==
Content-type: multipart/signed;
boundary="Apple-Mail=_8CA1EDE3-1000-45B7-81A3-3D4D6C2DA698";
protocol="application/pkcs7-signature"; micalg=sha1
--Apple-Mail=_8CA1EDE3-1000-45B7-81A3-3D4D6C2DA698
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=us-ascii
Is there a way to make MIT's kadmin authenticate its user against the =
master kdc (in environments where there is only one) when the user's =
principal is not yet propagated (either due to latency or misadventure)?
=46rom what I can tell, the Solaris kadmin does this.
The use case for this is to be able to used kadmin to easily script user =
and keytab provisioning with sensible error checking and failure =
detection.
jd=
--Apple-Mail=_8CA1EDE3-1000-45B7-81A3-3D4D6C2DA698--
--===============0149084955==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0149084955==--
