Incremental propagation when KDCs are clients of a different realm

Toby Blake toby at
Mon Nov 2 09:48:26 EST 2015


I'm trying to set up incremental propagation on a master-slave KDC
configuration where the KDCs are clients of a different realm to the one they

e.g.  the KDCs are master and slave of TEST.EXAMPLE.COM, but they are clients
of EXAMPLE.COM (and have default_realm set to EXAMPLE.COM accordingly)

I can't seem to get this to work at all, but before debugging in increasing
detail, I thought it worth asking a couple of questions on this list:

(1) Has anybody got this kind of configuration to work?

(2) Does anyone know, one way or another, whether this could be made to work?

I can provide more details, but my tests suggest that default_realm is used in
the iprop communication (e.g.  kpropd doesn't do anything until a krb5.conf
with a changed default_realm is used).

Toby Blake
School of Informatics
University of Edinburgh

The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.

More information about the Kerberos mailing list