On Sun, 2011-05-22 at 09:19 -0400, John Devitofranceschi wrote:
> From your description of the issue, it seems that if the old mkey is
> purged from the master db after conversion and the slaves are then
> re-initialized from scratch, this problem can be avoided.

Simply purging the old mkey should be adequate to work around the bug, I think. An entry with no master key entry is treated (in 1.8.2, anyway) as having the minimum master key version, so the buggy principal entries should magically snap from 1 to 2 once the old mkey version is purged.

At any time, rebuilding the slaves with a full kprop should populate the master key version of all current principal entries on the slaves, but new entries will continue to be missing the master key version field until the bug is fixed in the slaves' code base (libkdb5 as used by kpropd).
