Hello, I have Kerberos (MIT 1.5.4 release) configured as master and slave. At the client side krb5.conf file I am mentioning kdc=slave-kdc. And this is the only entry in the krb5.conf file which talks about KDC. In this scenario if the attribute "needchange" is set then, it prompts for the password change but finally it fails to get the ticket with the newly changed password. This may be because it is trying to get the ticket from the slave. But slave will not have updated database at that moment. So is it recommended to try for password change, only when "master_kdc" entry in the krb5.conf file exists? Or is there any mechanism by which one can update slave KDC database instantenously, so above scenario will work ?
Please advice. - Sachin. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
