suggestion for locating master kdc logic

Will Fiveash will.fiveash at oracle.com
Tue Apr 3 19:14:11 EDT 2012


Looking at the code for krb5_get_init_creds_password() and
prof_locate_server() I see that if the KDC specified by a "kdc =" spec
in krb5.conf returns a krb error, the acquire krb cred logic is to look
for a master_kdc spec either in krb5.conf or via DNS and if one isn't
found, give up.  Given that the admin_server/kpasswd_server specs are
very likely to reference a master KDC, shouldn't the *_locate_server()
functions when given a locate_service type of locate_service_master_kdc
try to first find master_kdc (current behavior) and if that fails then
admin_server and finally kpasswd_server?  I can't imagine why master_kdc
would point to a different KDC than the one the admin_server is set to.

-- 
Will Fiveash
Oracle Solaris Software Engineer
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>
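
The fallback order proposed in the message above, as an added example (not code from the post or from MIT krb5). The relation struct, host_part() and locate_master_fallback() are hypothetical names and the realm data is constructed; it assumes only the host part of an admin_server or kpasswd_server value is reused, since the port on those relations belongs to the kadmin or kpasswd service rather than to the KDC.

```c
#include <stdio.h>
#include <string.h>

/* One "key = value" relation from a realm section (constructed model,
 * not the libkrb5 profile API). */
struct relation { const char *key; const char *value; };

/* Proposed order: master_kdc (current behavior), then the fallbacks. */
static const char *const order[] = { "master_kdc", "admin_server", "kpasswd_server" };

/* Constructed sample: a realm with no master_kdc relation. */
static const struct relation sample_realm[] = {
    { "kdc", "kdc2.example.com" },
    { "admin_server", "kdc1.example.com:749" },
    { "kpasswd_server", "kdc1.example.com:464" },
};

/* Copy the host from "host", "host:port" or "[v6addr]:port" into out,
 * dropping the port. Returns -1 on an empty, malformed or oversized value. */
static int host_part(const char *v, char *out, size_t outlen)
{
    const char *end = strchr(v, ':');
    if (*v == '[') { v++; end = strchr(v, ']'); }
    else if (end == NULL || strchr(end + 1, ':')) end = v + strlen(v);
    if (end == NULL || end == v || (size_t)(end - v) >= outlen) return -1;
    memcpy(out, v, (size_t)(end - v));
    out[end - v] = '\0';
    return 0;
}

/* Return the key that supplied the host, or NULL if none is configured. */
const char *locate_master_fallback(const struct relation *rels, size_t n,
                                   char *host, size_t hostlen)
{
    for (size_t k = 0; k < sizeof order / sizeof *order; k++)
        for (size_t i = 0; i < n; i++)
            if (strcmp(rels[i].key, order[k]) == 0 &&
                host_part(rels[i].value, host, hostlen) == 0)
                return order[k];
    return NULL;
}

int main(void)
{
    char host[256];
    const char *via = locate_master_fallback(sample_realm, 3, host, sizeof host);
    printf("master KDC candidate: %s (from %s)\n", via ? host : "none", via ? via : "-");
    return 0;
}
```

The returned key tells the caller which relation supplied the host, so a client can log that it reached a "master" through admin_server rather than through an explicit master_kdc entry.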

