Hi Jeffrey, I carried out the change. Added an entry of "kdc=master-kdc" after the existing "kdc=slave-kdc". But still it fails to get the ticket of new password. It works fine when "master_kdc=master-kdc" exists.
So is it expected behavior ? Thanks in advance. - Sachin. On 11/1/07, Jeffrey Altman <[EMAIL PROTECTED]> wrote: > > Please do not send non-development requests to the krbdev mailing list. > > Slave databases are read-only. Only the master database can be used > for password change. The master kdc must be listed in the KDC list > either as an additional > > kdc=master-kdc > > or > > master_kdc=master-kdc > > entry or both. > > Jeffrey Altman > > > Sachin Punadikar wrote: > > Hello, > > > > I have Kerberos (MIT 1.5.4 release) configured as master and slave. At > the > > client side krb5.conf file I am mentioning kdc=slave-kdc. And this is > the > > only entry in the krb5.conf file which talks about KDC. > > In this scenario if the attribute "needchange" is set then, it prompts > for > > the password change but finally it fails to get the ticket with the > newly > > changed password. This may be because it is trying to get the ticket > from > > the slave. But slave will not have updated database at that moment. > > So is it recommended to try for password change, only when "master_kdc" > > entry in the krb5.conf file exists? > > Or is there any mechanism by which one can update slave KDC database > > instantenously, so above scenario will work ? > > > > Please advice. > > > > - Sachin. > > _______________________________________________ > > krbdev mailing list [EMAIL PROTECTED] > > https://mailman.mit.edu/mailman/listinfo/krbdev > > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
