Please do not send non-development requests to the krbdev mailing list. Slave databases are read-only. Only the master database can be used for password change. The master kdc must be listed in the KDC list either as an additional
kdc=master-kdc or master_kdc=master-kdc entry or both. Jeffrey Altman Sachin Punadikar wrote: > Hello, > > I have Kerberos (MIT 1.5.4 release) configured as master and slave. At the > client side krb5.conf file I am mentioning kdc=slave-kdc. And this is the > only entry in the krb5.conf file which talks about KDC. > In this scenario if the attribute "needchange" is set then, it prompts for > the password change but finally it fails to get the ticket with the newly > changed password. This may be because it is trying to get the ticket from > the slave. But slave will not have updated database at that moment. > So is it recommended to try for password change, only when "master_kdc" > entry in the krb5.conf file exists? > Or is there any mechanism by which one can update slave KDC database > instantenously, so above scenario will work ? > > Please advice. > > - Sachin. > _______________________________________________ > krbdev mailing list [EMAIL PROTECTED] > https://mailman.mit.edu/mailman/listinfo/krbdev
smime.p7s
Description: S/MIME Cryptographic Signature
________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
