kerberos password change in master-slave environment
Ken Hornstein
kenh at cmf.nrl.navy.mil
Wed Mar 24 18:02:03 EST 2004
>Could you elaborate a bit? First of all, does 'error' include just
>incorrect password (because the new, correct, one hasn't yet propagated)?
Since you asked ... currently, the following list of error codes is ones
that the KDC will _not_ retry on:
KRB5_KDC_UNREACH
KRB5_PREAUTH_FAILED
KRB5_LIBOS_PWDINTR
KRB5_REALM_CANT_RESOLVE
(it's left as a exercise to the reader to determine which error strings
these map to).
>Secondly, to which config parameters do you refer?
You need to have an admin_server entry (or there's another entry you can use
which I always forget) in your krb5.conf.
--Ken
More information about the Kerberos
mailing list