On 5/2/2013 12:25 AM, Nico Williams wrote: > On Wed, May 1, 2013 at 11:20 PM, Dave Steiner <[email protected]> wrote: >> Because we have multiple realms, we run several kpropd's with the -P. When >> I run kprop I give the port. But when kprop is run from kadmin for >> incremental propagation, where is it going to get the correct port number >> from? > In src/kadmin/server/ipropd_svc.c I see: > > /* XXX Yuck! */ > if (getenv("KPROP_PORT")) { > pret = execl(kprop, "kprop", "-f", dump_file, "-P", > getenv("KPROP_PORT"), clhost, NULL); > } else { > pret = execl(kprop, "kprop", "-f", dump_file, clhost, NULL); > } > > There's your answer. Either from KPROP_PORT in the environment, or by > having a per-kadmind instance krb5.conf and KRB5_CONFIG in the > environment. > > Ideally all of the KDC-side daemons/tools would support multi-realm > operation, but kadmind doesn't quite at this time. > > Nico > --
Would the following work? Since I only care about turning on iprop for one realm, I can just have that kpropd use the default 754 port instead of 860 like I do now. Would I then have to change iprop_port for that realm to 754 in the kdc.conf also? Or does iprop happen over a different port from kprop? -ds ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
