kerberos password change in master-slave environ
Digant Kasundra
digant at uta.edu
Wed Mar 24 14:23:05 EST 2004
Changing is every 5 minutes still means you can't really login or do
anything until after 5 minutes have passed. And what do you do when your
password database is several megs and takes 2 or 3 minutes to transfer?
I hope (wish) there is a better way. This way just seems like the easy
hack. Its not really "replication," it just copying.
-----Original Message-----
From: kerberos-bounces at mit.edu
To: kerberos at mit.edu
Sent: 3/24/2004 9:43 AM
Subject: kerberos password change in master-slave environ
All,
I have a kerberos master-slave (1 master, 4 slaves) environment.
When user changes password, master has the recent passwd while
the slaves have older password until kerberos database is propagated
(once in 5 hrs).
I have configured all clients/member unix servers so that they query
the slaves.
Problem: When user changes password the new password is unusable
until krb5 database is propagated.
Question: If a user changes password (using kpasswd), shouldn't the
slave
kerberos server check with master if it has a more recent
copy
of the password?
Is there a more elegant solution, than say propagating
corporate
wide
kerberos database every 5 min or so ?
thanks
-subu
________________________________________________
Kerberos mailing list Kerberos at mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
More information about the Kerberos
mailing list