[36106] in Kerberos
Re: kadmin authentication fallback to master?
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Sat May 10 17:12:35 2014
Date: Sat, 10 May 2014 17:12:16 -0400
From: John Devitofranceschi <jdvf@optonline.net>
In-reply-to: <536E837B.2090307@mit.edu>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Message-id: <690ADDE5-2C98-4533-8FBE-B5AF53C632A7@optonline.net>
MIME-version: 1.0
Content-Type: multipart/mixed; boundary="===============1574490683=="
Errors-To: kerberos-bounces@mit.edu
--===============1574490683==
Content-type: multipart/signed;
boundary=Apple-Mail-3741DBF5-2C78-4FE0-BD18-0DD0B5EC7CC0;
protocol="application/pkcs7-signature"; micalg=sha1
Content-transfer-encoding: 7bit
--Apple-Mail-3741DBF5-2C78-4FE0-BD18-0DD0B5EC7CC0
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
> On May 10, 2014, at 15:52, Greg Hudson <ghudson@MIT.EDU> wrote:
>=20
>> On 05/10/2014 03:42 PM, John Devitofranceschi wrote:
>> Is there a way to make MIT's kadmin authenticate its user against the mas=
ter kdc (in environments where there is only one) when the user's principal i=
s not yet propagated (either due to latency or misadventure)?
>=20
> Like kinit, kadmin will fall back to the master KDC on most AS request
> errors if a master KDC is defined. You need to set the master_kdc
> relation in the realm section or create a _kerberos-master SRV record.
With which version of Kerberos was master_kdc in the krb5.conf introduced?
I saw it referenced in a mailing list post from a few years back, but my fee=
ble searches on it turned up nothing useful.
jd=
--Apple-Mail-3741DBF5-2C78-4FE0-BD18-0DD0B5EC7CC0--
--===============1574490683==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1574490683==--
