[36107] in Kerberos
Re: kadmin authentication fallback to master?
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Sat May 10 17:22:09 2014
Date: Sat, 10 May 2014 17:21:55 -0400
From: John Devitofranceschi <jdvf@optonline.net>
In-reply-to: <690ADDE5-2C98-4533-8FBE-B5AF53C632A7@optonline.net>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Message-id: <8E0B14C0-C77A-4BCD-BE14-FBB3410F66DE@optonline.net>
MIME-version: 1.0
Content-Type: multipart/mixed; boundary="===============0458800197=="
Errors-To: kerberos-bounces@mit.edu
--===============0458800197==
Content-type: multipart/signed;
boundary=Apple-Mail-252CFB6F-4C7E-475C-AB03-BEDE982D5925;
protocol="application/pkcs7-signature"; micalg=sha1
Content-transfer-encoding: 7bit
--Apple-Mail-252CFB6F-4C7E-475C-AB03-BEDE982D5925
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable
> On May 10, 2014, at 17:12, John Devitofranceschi <jdvf@optonline.net> wrot=
e:
>=20
>=20
>=20
>=20
>>> On May 10, 2014, at 15:52, Greg Hudson <ghudson@MIT.EDU> wrote:
>>>=20
>>> On 05/10/2014 03:42 PM, John Devitofranceschi wrote:
>>> Is there a way to make MIT's kadmin authenticate its user against the ma=
ster kdc (in environments where there is only one) when the user's principal=
is not yet propagated (either due to latency or misadventure)?
>>=20
>> Like kinit, kadmin will fall back to the master KDC on most AS request
>> errors if a master KDC is defined. You need to set the master_kdc
>> relation in the realm section or create a _kerberos-master SRV record.
>=20
> With which version of Kerberos was master_kdc in the krb5.conf introduced?=
>=20
> I saw it referenced in a mailing list post from a few years back, but my f=
eeble searches on it turned up nothing useful.
>=20
> jd
Ah! I just checked and the message in question called it kdc_master, which i=
s why I couldn't find it.
jd=
--Apple-Mail-252CFB6F-4C7E-475C-AB03-BEDE982D5925--
--===============0458800197==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============0458800197==--
