[28622] in Kerberos
Changing password using slave KDC
daemon@ATHENA.MIT.EDU (Sachin Punadikar)
Thu Nov 1 06:36:50 2007
Message-ID: <9549b1d80711010336n2587f400nbd1cf7f42499cdd3@mail.gmail.com>
Date: Thu, 1 Nov 2007 16:06:28 +0530
From: "Sachin Punadikar" <punadikar.sachin@gmail.com>
To: kerberos@mit.edu, krbdev@mit.edu
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hello,
I have Kerberos (MIT 1.5.4 release) configured as master and slave. At the
client side krb5.conf file I am mentioning kdc=slave-kdc. And this is the
only entry in the krb5.conf file which talks about KDC.
In this scenario if the attribute "needchange" is set then, it prompts for
the password change but finally it fails to get the ticket with the newly
changed password. This may be because it is trying to get the ticket from
the slave. But slave will not have updated database at that moment.
So is it recommended to try for password change, only when "master_kdc"
entry in the krb5.conf file exists?
Or is there any mechanism by which one can update slave KDC database
instantenously, so above scenario will work ?
Please advice.
- Sachin.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
