incremental propagation gets stuck with UPDATE_FULL_RESYNC_NEEDED

[Dave Steiner]

On 5/2/2013 12:25 AM, Nico Williams wrote:
> On Wed, May 1, 2013 at 11:20 PM, Dave Steiner <steiner at oit.rutgers.edu> wrote:
>> Because we have multiple realms, we run several kpropd's with the -P.  When
>> I run kprop I give the port.  But when kprop is run from kadmin for
>> incremental propagation, where is it going to get the correct port number
>> from?
> In src/kadmin/server/ipropd_svc.c I see:
>
>          /* XXX Yuck!  */
>          if (getenv("KPROP_PORT")) {
>              pret = execl(kprop, "kprop", "-f", dump_file, "-P",
>                           getenv("KPROP_PORT"), clhost, NULL);
>          } else {
>              pret = execl(kprop, "kprop", "-f", dump_file, clhost, NULL);
>          }
>
> There's your answer.  Either from KPROP_PORT in the environment, or by
> having a per-kadmind instance krb5.conf and KRB5_CONFIG in the
> environment.
>
> Ideally all of the KDC-side daemons/tools would support multi-realm
> operation, but kadmind doesn't quite at this time.
>
> Nico
> --

Would the following work?

Since I only care about turning on iprop for one realm, I can just have 
that kpropd use the default 754 port instead of 860 like I do now.  
Would I then have to change iprop_port for that realm to 754 in the 
kdc.conf also?  Or does iprop happen over a different port from kprop?

-ds