Incremental propagation when KDCs are clients of a different realm
toby at inf.ed.ac.uk
Mon Nov 2 09:48:26 EST 2015
I'm trying to set up incremental propagation on a master-slave KDC
configuration where the KDCs are clients of a different realm to the one they
e.g. the KDCs are master and slave of TEST.EXAMPLE.COM, but they are clients
of EXAMPLE.COM (and have default_realm set to EXAMPLE.COM accordingly)
I can't seem to get this to work at all, but before debugging in increasing
detail, I thought it worth asking a couple of questions on this list:
(1) Has anybody got this kind of configuration to work?
(2) Does anyone know, one way or another, whether this could be made to work?
I can provide more details, but my tests suggest that default_realm is used in
the iprop communication (e.g. kpropd doesn't do anything until a krb5.conf
with a changed default_realm is used).
School of Informatics
University of Edinburgh
The University of Edinburgh is a charitable body, registered in
Scotland, with registration number SC005336.
More information about the Kerberos