I'm not really mastering Heimdal just yet so I'd like to be sure I'm not wrong. But for instance the iprop configuration guide IMO is incomplete. https://www.h5l.org/manual/HEAD/info/heimdal/Incremental-propagation.ht ml
"Then you need to create those principals that you added in the configuration file. Create one `iprop/hostname' for the master and for every slave. master# /usr/heimdal/sbin/ktutil get iprop/`hostname` slave# /usr/heimdal/sbin/ktutil get iprop/`hostname`" How is the slave supposed to connect to the master if has a principal built on the server itself which is not on the master? In fact following the guide the result, when trying to connect the slave to the master is something like: "iprop/slave-host principal not in hdb". I've fixed it creating an iprop/slave-host on the master. Another thing in this regard, which I don't know why is it behaving like that, but I cannot somehow secure such principal which means that I cannot set a password because it will always fail. Therefore the principal has to be with no password leaving the access control to the check in /var/heimdal/slaves and the identification of the FQDN declared in the principal itself. Am I wrong? On Mon, 2018-08-06 at 10:57 -0400, Viktor Dukhovni wrote: > > On Aug 6, 2018, at 3:52 AM, ASV <a...@inhio.net> wrote: > > > > There are sections which are scarcely written and perhaps not even > > correct (like the incremental propagation one). > > If you could be a bit more specific, (and as Jeff says open an > issue on Github) we might be able to address some of the most > critical deficits. >