[36105] in Kerberos
Re: kadmin authentication fallback to master?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat May 10 15:52:41 2014
Message-ID: <536E837B.2090307@mit.edu>
Date: Sat, 10 May 2014 15:52:27 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: John Devitofranceschi <jdvf@optonline.net>, kerberos@mit.edu
In-Reply-To: <3E3893DD-7DF6-4A62-82D2-39AD8B766BD7@optonline.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 05/10/2014 03:42 PM, John Devitofranceschi wrote:
> Is there a way to make MIT's kadmin authenticate its user against the master kdc (in environments where there is only one) when the user's principal is not yet propagated (either due to latency or misadventure)?
Like kinit, kadmin will fall back to the master KDC on most AS request
errors if a master KDC is defined. You need to set the master_kdc
relation in the realm section or create a _kerberos-master SRV record.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
