kadmin authentication fallback to master?

John Devitofranceschi jdvf at optonline.net
Sat May 10 15:42:40 EDT 2014

Is there a way to make MIT's kadmin authenticate its user against the master kdc (in environments where there is only one) when the user's principal is not yet propagated (either due to latency or misadventure)?

From what I can tell, the Solaris kadmin does this.

The use case for this is to be able to used kadmin to easily script user and keytab provisioning with sensible error checking and failure detection.


More information about the Kerberos mailing list