[krbdev.mit.edu #8277] iprop can choose wrong realm
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Mon Nov 16 15:15:22 EST 2015
The incremental propagation code can fail if either:
* The configured default realm does not match the realm being
propagated (even if the -r option is used to specify a realm)
* The slave hostname has a configured mapping for a different realm
than the realm being propagated.
These problems chiefly arise from the use of krb5_sname_to_principal()
in kprop and kpropd.
See also this thread:
http://mailman.mit.edu/pipermail/kerberos/2015-November/021025.html
More information about the krb5-bugs
mailing list