[38558] in Kerberos
Re: kpropd on non-default port
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Jul 15 12:22:44 2019
To: Yegui Cai <caiyegui@gmail.com>, <kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <d54eda29-457d-495a-12d7-77bc10040372@mit.edu>
Date: Mon, 15 Jul 2019 12:22:02 -0400
In-Reply-To: <CAJYMFR4AEMitFDkcpzM9FPTg1HjsC8rERHba6A-gymhVT-FgBw@mail.gmail.com>
On 7/15/19 8:59 AM, Yegui Cai wrote:
> I am trying to deploy a master and a slave KDC. Due to regulations, I need
> to run everything on unprivileged ports. I have done everything except for
> kpropd which by default runs on 754. When I launched kpropd on port, say,
> 3754, database propagation did not happen. I did try running kproplog to
> check - the master node shows some changes but it is not reflected on the
> slave node. The initial kprop -P 3754 command did succeed though.

For full database propagation, kadmind on the master KDC needs to know
what port to connect to on the replica KDC. This port number can be
specified via the kadmind "-k portnum" option (new in release 1.15) or
by setting the KPROP_PORT environment variable.

kpropd on the replica KDC also needs to know what port to contact in
order to request updates from kadmind on the master KDC. The iprop_port
relation needs to be present in the appropriate [realms] subsection on
both the master and replica KDCs. (In 1.15, iprop_listen may be used
instead on the master KDC.)