I am trying to set up iprop replication for a slave KDC running on a container in an EC2 instance in Amazon Web Services (AWS). We are running Heimdal 1.5.2.

When the slave ipropd-slave connects to the master, it looks like the master is doing a reverse DNS lookup on the slave's IP address and getting one of those long Amazon addresses (e.g., ec2-52-45-91-42.us-west-2.compute.amazonaws.com). It then looks for the principal "iprop/ec2-52-45-91-42.us-west-2.compute.amazonaws.com" in its database.

We could just make the iprop principal the slave uses be "iprop/ec2-52-45-91-42.us-west-2.compute.amazonaws.com" but the problem with this is that the EC2 instance our slave runs on can change its IP address at any time due to rebuilding or redeploying.

Is there any way to get ipropd-master NOT to do this reverse DNS lookup and just accept the principal name as sent by the slave? For example, I would like to create a principal "iprop/testing123" and use that instead of one based on a hostname. (We would still require that whatever principal was sent by the slave would need to be listed in the /var/heimdal/slaves file.)

Thanks, Adam Lewenberg
