master_kdc is now required?
Ben Creech
bpcreech at eos.ncsu.edu
Tue Aug 19 17:43:21 EDT 2003
The problem I reported earlier:

<http://krbdev.mit.edu/rt/Ticket/Display.html?id=1735>

is really caused by a missing master_kdc field in my krb5.conf. When I
request a ticket for a bogus principal, get_init_creds tries twice, once
against a normal kdc (which fails with the correct error), and once on the
master. When it goes to look up the master, krb5_locate_kdc fails.

Spelunking through code, I saw this, added the field, and everything works
fine.

What I still don't understand:

- Was this intentional behavior? The "master_kdc" field does not appear to
  be documented.
- Why doesn't my Linux client do the same thing?

On an unrelated note, send_as_request looks weird at the TCP logic. Why do
we only check for the too-big-for-udp response from the KDC when the caller
has requested that an error message be returned from the library function?

Will err_reply->error ever equal KRB_ERR_RESPONSE_TOO_BIG? Shouldn't it be
KRB_ERR_RESPONSE_TOO_BIG - KRB5KDC_ERR_NONE?

Thanks,
Ben Creech
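
The two error-number spaces the message asks about, as an added example (not part of the original post and not MIT krb5 source): the error-code field of a KRB-ERROR on the wire is a small protocol number, while library return codes are that number offset by the krb5 com_err table base. All names below are hypothetical; 6 and 52 are the RFC 4120 error numbers, and -1765328384 is assumed to be the value of KRB5KDC_ERR_NONE in krb5.h.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed values: RFC 4120 protocol error numbers and the base of the
 * krb5 com_err table (KRB5KDC_ERR_NONE). Names are hypothetical. */
#define WIRE_ERR_C_PRINCIPAL_UNKNOWN 6
#define WIRE_ERR_RESPONSE_TOO_BIG    52
#define COM_ERR_BASE_KRB5            (-1765328384L)

enum transport { USE_UDP, USE_TCP };

/* Constructed stand-in for a decoded KRB-ERROR: only the error-code field. */
struct sample_error { int32_t error; };

/* Library-style return code for a wire error number: table base + offset. */
long wire_to_com_err(int32_t wire) { return COM_ERR_BASE_KRB5 + wire; }

/* The retry test compares against the wire number, and does not depend on
 * whether the caller asked to receive the error structure. */
int should_retry_tcp(const struct sample_error *e, enum transport t)
{
    return e != NULL && t == USE_UDP && e->error == WIRE_ERR_RESPONSE_TOO_BIG;
}

/* Simulated AS exchange. udp_reply/tcp_reply are the errors a constructed
 * KDC returns on each transport (NULL means success). ret_err may be NULL.
 * Returns 0 on success or a com_err-style code. */
long sample_as_exchange(const struct sample_error *udp_reply,
                        const struct sample_error *tcp_reply,
                        const struct sample_error **ret_err,
                        enum transport *used)
{
    enum transport t = USE_UDP;
    const struct sample_error *r = udp_reply;

    if (should_retry_tcp(r, t)) {   /* decided before looking at ret_err */
        t = USE_TCP;
        r = tcp_reply;
    }
    *used = t;
    if (ret_err != NULL)
        *ret_err = r;
    return r != NULL ? wire_to_com_err(r->error) : 0;
}

int main(void)
{
    struct sample_error too_big = { WIRE_ERR_RESPONSE_TOO_BIG };
    enum transport used;
    return sample_as_exchange(&too_big, NULL, NULL, &used) == 0 ? 0 : 1;
}
```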