kadmin authentication fallback to master?

Greg Hudson ghudson at MIT.EDU
Sat May 10 15:52:27 EDT 2014

On 05/10/2014 03:42 PM, John Devitofranceschi wrote:
> Is there a way to make MIT's kadmin authenticate its user against the master kdc (in environments where there is only one) when the user's principal is not yet propagated (either due to latency or misadventure)?

Like kinit, kadmin will fall back to the master KDC on most AS request
errors if a master KDC is defined.  You need to set the master_kdc
relation in the realm section or create a _kerberos-master SRV record.

More information about the Kerberos mailing list