[17566] in Kerberos_V5_Development
Re: suggestion for locating master kdc logic
daemon@ATHENA.MIT.EDU (Greg Hudson)
Fri Apr 6 16:35:26 2012
Message-ID: <4F7F5389.50303@mit.edu>
Date: Fri, 06 Apr 2012 16:35:21 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: krbdev@mit.edu
In-Reply-To: <87ty0w62s7.fsf@windlord.stanford.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 04/06/2012 04:09 PM, Russ Allbery wrote:
> Not only do you lose fallback in this case, but you also don't get
> password change on expired password, unless you patched the code to not
> require master_kdc in that case as well.
My test results with current code don't match this claim. I do see a
bug that the kpasswd_server -> admin_server fallback doesn't work for
kinit password changes, but the presence or absence of master_kdc
doesn't seem to have any relevance. (Nor would one expect it to, since
password changes don't go through a KDC.)
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
