[37289] in Kerberos
Incremental propagation when KDCs are clients of a different realm
daemon@ATHENA.MIT.EDU (Toby Blake)
Mon Nov 2 09:48:51 2015
From: Toby Blake <toby@inf.ed.ac.uk>
Message-Id: <AC88C309-4CB1-4E4E-9F69-5C44C061C430@inf.ed.ac.uk>
Date: Mon, 2 Nov 2015 14:48:26 +0000
To: kerberos@mit.edu
Mime-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I'm trying to set up incremental propagation on a master-slave KDC
configuration where the KDCs are clients of a different realm to the one they
serve.
e.g. the KDCs are master and slave of TEST.EXAMPLE.COM, but they are clients
of EXAMPLE.COM (and have default_realm set to EXAMPLE.COM accordingly)
I can't seem to get this to work at all, but before debugging in increasing
detail, I thought it worth asking a couple of questions on this list:
(1) Has anybody got this kind of configuration to work?
(2) Does anyone know, one way or another, whether this could be made to work?
I can provide more details, but my tests suggest that default_realm is used in
the iprop communication (e.g. kpropd doesn't do anything until a krb5.conf
with a changed default_realm is used).
Cheers
Toby Blake
School of Informatics
University of Edinburgh
--
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
