kadmin authentication fallback to master?

[John Devitofranceschi]

Is there a way to make MIT's kadmin authenticate its user against the master kdc (in environments where there is only one) when the user's principal is not yet propagated (either due to latency or misadventure)?

From what I can tell, the Solaris kadmin does this.

The use case for this is to be able to used kadmin to easily script user and keytab provisioning with sensible error checking and failure detection.


jd