[17564] in Kerberos_V5_Development
Re: suggestion for locating master kdc logic
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Apr 6 16:03:03 2012
Message-ID: <4F7F4BF2.5060305@mit.edu>
Date: Fri, 06 Apr 2012 16:02:58 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: krbdev@mit.edu
In-Reply-To: <20120406195304.GC14892@oracle.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
One possible concern is that KDC and kadmin servers do not necessarily
operate on the default port. For example, the realm configuration for a
typical test case in our test suite looks like:
kpasswd_server = equal-rites.mit.edu:61002
admin_server = equal-rites.mit.edu:61001
kdc = equal-rites.mit.edu:61000
So where should the code assume the master KDC is? Certainly not
equal-rites.mit.edu:61001; we know that a kadmin server is running
there. If we assume equal-rites.mit.edu:88, we'd break the cases in the
test suite, which is a red flag that we might break some live
configurations. If we start matching the hostname of the admin server
against the hostnames of the KDCs to find the port, that starts to feel
complicated.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
