Changing password using slave KDC
Jeffrey Altman
jaltman at secure-endpoints.com
Thu Nov 1 07:11:52 EDT 2007
Please do not send non-development requests to the krbdev mailing list.
Slave databases are read-only. Only the master database can be used
for password change. The master kdc must be listed in the KDC list
either as an additional
kdc=master-kdc
or
master_kdc=master-kdc
entry or both.
Jeffrey Altman
Sachin Punadikar wrote:
> Hello,
>
> I have Kerberos (MIT 1.5.4 release) configured as master and slave. At the
> client side krb5.conf file I am mentioning kdc=slave-kdc. And this is the
> only entry in the krb5.conf file which talks about KDC.
> In this scenario if the attribute "needchange" is set then, it prompts for
> the password change but finally it fails to get the ticket with the newly
> changed password. This may be because it is trying to get the ticket from
> the slave. But slave will not have updated database at that moment.
> So is it recommended to try for password change, only when "master_kdc"
> entry in the krb5.conf file exists?
> Or is there any mechanism by which one can update slave KDC database
> instantenously, so above scenario will work ?
>
> Please advice.
>
> - Sachin.
> _______________________________________________
> krbdev mailing list krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20071101/e35596cb/attachment.bin
More information about the Kerberos
mailing list