kpropd on non-default port

Greg Hudson ghudson at mit.edu
Mon Jul 15 12:22:02 EDT 2019


On 7/15/19 8:59 AM, Yegui Cai wrote:
> I am trying to deploy a master and a slave KDC. Due to regulations, I need
> to run everything on unprivileged ports. I have done everything except for
> kpropd, which by default runs on 754. When I launched kpropd on port, say,
> 3754, database propagation did not happen. I did try running kproplog to
> check - the master node shows some changes but they are not reflected on the
> slave node. The initial kprop -P 3754 command did succeed though.

For full database propagation, kadmind on the master KDC needs to know
what port to connect to on the replica KDC.  This port number can be
specified via the kadmind "-k portnum" option (new in release 1.15) or
by setting the KPROP_PORT environment variable.

kpropd on the replica KDC also needs to know what port to contact in
order to request updates from kadmind on the master KDC.  The iprop_port
relation needs to be present in the appropriate [realms] subsection on
both the master and replica KDCs.  (In 1.15, iprop_listen may be used
instead on the master KDC.)
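
Added example, not part of the original post or of the krb5 project: a small check that the port settings described in the reply line up across the two KDCs. The realm name, port 3749, the sample configs and the function names are constructed for illustration; iprop_listen is only tested for presence, not parsed.

```python
import re

DEFAULT_KPROP_PORT = 754  # kpropd's default port, as stated in the thread

def realm_relations(conf_text, realm):
    """Return the relations of one [realms] subsection of a kdc.conf as a dict."""
    section, in_realm, found = None, False, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section, in_realm = header.group(1), False
        elif section == "realms" and re.fullmatch(re.escape(realm) + r"\s*=\s*\{", line):
            in_realm = True
        elif line == "}":
            in_realm = False
        elif in_realm and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            found[key] = value
    return found

def check_ports(master_conf, replica_conf, realm, kadmind_k, kpropd_port):
    """List mismatches. kadmind_k is the master's `kadmind -k` / KPROP_PORT value
    (None if unset); kpropd_port is the port kpropd listens on at the replica."""
    problems = []
    master = realm_relations(master_conf, realm)
    replica = realm_relations(replica_conf, realm)
    if (kadmind_k or DEFAULT_KPROP_PORT) != kpropd_port:
        problems.append("kadmind's full-propagation port does not match kpropd's port")
    if "iprop_port" not in replica:
        problems.append("replica: iprop_port missing from [realms] subsection")
    if "iprop_port" not in master and "iprop_listen" not in master:
        problems.append("master: neither iprop_port nor iprop_listen is set")
    elif "iprop_port" in master and "iprop_port" in replica \
            and master["iprop_port"] != replica["iprop_port"]:
        problems.append("iprop_port differs between master and replica")
    return problems

# Constructed sample configs (realm name and port 3749 are made up).
MASTER = """
[realms]
    EXAMPLE.COM = {
        iprop_enable = true
        iprop_port = 3749
    }
"""
REPLICA_OK = MASTER
REPLICA_BAD = MASTER.replace("iprop_port = 3749", "")
```

The second case in the test mirrors the situation in the question: kpropd moved to 3754 while kadmind still uses the default, and the replica has no iprop_port.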

