[37290] in Kerberos
Re: Incremental propagation when KDCs are clients of a different realm
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Nov 2 10:49:46 2015
To: Toby Blake <toby@inf.ed.ac.uk>, kerberos@mit.edu
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <563785D3.1070702@mit.edu>
Date: Mon, 2 Nov 2015 10:48:35 -0500
MIME-Version: 1.0
In-Reply-To: <AC88C309-4CB1-4E4E-9F69-5C44C061C430@inf.ed.ac.uk>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 11/02/2015 09:48 AM, Toby Blake wrote:
> I'm trying to set up incremental propagation on a master-slave KDC
> configuration where the KDCs are clients of a different realm to the one they
> serve.
kpropd appears to insist on using the default realm for its iprop code,
even if a "-r realm" parameter is given. This is probably a bug.
As a workaround, you could set KRB5_CONFIG to point to a copy of
krb5.conf file with default_realm changed to the KDC realm.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
