[EMAIL PROTECTED] wrote: > Hi, folks > > 2) Users wouldn't be happy if they were unable to login one hour every > time they change password. > > So, logical consequence is that master must answer all TGT requests. > Having a slave around in case master dies is better than nothing, but > slave should never get the TGT requests as long as the master is alive.
Of course the user would not be happy this way. If the TGT request fails because of an incorrect password, the client checks to see whether or not the KDC contacted was in fact the master. If not, it sends a request to the master. ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
