As far as I know krb5.conf does not have limitations on the number of KDCs that 
can be listedhttps://web.mit.edu/kerberos/krb5-1....krb5_conf.html
I have 3 servers that I would like to be read. I have no problem with at least 
two being listed there.kdc=server1kdc=server2
when I shutdown server1 authentication happens without trouble against 
server2.But when I list 3 servers therekdc=server1kdc=server2kdc=server3
and shutdown server1 and server2 authentication fails.
My theories about this are:1. there is a variable that specifies max number of 
kdcs. Seems unlikely2. Bug. Also unlikely3. There is a variable that specifies 
total number of seconds to wait before giving up.I tried playing with 
max_timeout and max_retries but that didn't help
I'm drawing blank as to why only first two kdc lines are honored and would 
appreciate any advise.


PS: I would also be interested in more information on relationship between 
sssd.conf and krb5.conf
It seems like I can configure sssd.conf with ipa_server=_srv_, <explicit fqdn>  
Then why is krb5.conf is necessary at all?
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to