As far as I know krb5.conf does not have limitations on the number of KDCs that
can be listedhttps://web.mit.edu/kerberos/krb5-1....krb5_conf.html
I have 3 servers that I would like to be read. I have no problem with at least
two being listed there.kdc=server1kdc=server2
when I shutdown server1 authentication happens without trouble against
server2.But when I list 3 servers therekdc=server1kdc=server2kdc=server3
and shutdown server1 and server2 authentication fails.
My theories about this are:1. there is a variable that specifies max number of
kdcs. Seems unlikely2. Bug. Also unlikely3. There is a variable that specifies
total number of seconds to wait before giving up.I tried playing with
max_timeout and max_retries but that didn't help
I'm drawing blank as to why only first two kdc lines are honored and would
appreciate any advise.
PS: I would also be interested in more information on relationship between
sssd.conf and krb5.conf
It seems like I can configure sssd.conf with ipa_server=_srv_, <explicit fqdn>
Then why is krb5.conf is necessary at all?
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org