incremental propagation gets stuck with UPDATE_FULL_RESYNC_NEEDED
Nico Williams
nico at cryptonector.com
Thu May 2 00:25:49 EDT 2013
On Wed, May 1, 2013 at 11:20 PM, Dave Steiner <steiner at oit.rutgers.edu> wrote:
> Because we have multiple realms, we run several kpropd's with the -P. When
> I run kprop I give the port. But when kprop is run from kadmin for
> incremental propagation, where is it going to get the correct port number
> from?
In src/kadmin/server/ipropd_svc.c I see:
/* XXX Yuck! */
if (getenv("KPROP_PORT")) {
pret = execl(kprop, "kprop", "-f", dump_file, "-P",
getenv("KPROP_PORT"), clhost, NULL);
} else {
pret = execl(kprop, "kprop", "-f", dump_file, clhost, NULL);
}
There's your answer. Either from KPROP_PORT in the environment, or by
having a per-kadmind instance krb5.conf and KRB5_CONFIG in the
environment.
Ideally all of the KDC-side daemons/tools would support multi-realm
operation, but kadmind doesn't quite at this time.
Nico
--
More information about the Kerberos
mailing list