UMICH krep patches and kadmin oddness on Solaris 9
Steve Harper
s.harper at m.cc.utah.edu
Tue Sep 3 17:58:12 EDT 2002
We are running the University of Michigan's 'krep' patches against
krb5 v1.25 on some Solaris 9 machines, and are noticing a weird problem
with kadmind, and I thought I'd see if anyone had experienced the same
problem before I started digging through source-code and what not.
What happens is changes made with kadmin.local are written to the
master_delta file, but changes made with kadmin are not. Its quite
bizzare.
One place I may be deviating from a standard config is that the master KDC
does not have a kdc= entry for itself in the krb5.conf because krep tries
to connect to itself and the master_delta never gets truncated since its
'failing' to connect to one 'slave' (itself). I've looked at the source
(getslaves.c) and there is code there to remove the master from the list
of KDCs, but I guess that the gethostname() call under solaris 9 returns
the FQDN, while the krb5.conf refers to every KDC by the node name
(uname -n). The krep code would break if we didn't refer to hosts by the
node name in the krb5.conf, so thats why we do that.
Anyway, if anyone has any comments or further questions I'd be greatful
for the help, and quick to answer.
Thanks,
Steve Harper Campus Student Computing
Computer Professional Marriott Library
s.harper at utah.edu University of Utah
More information about the Kerberos
mailing list