master_kdc is now required?

Ben Creech bpcreech at
Tue Aug 19 17:43:21 EDT 2003

The problem I reported earlier:
is really caused by a missing master_kdc field in my krb5.conf.  When I 
request a ticket for a bogus principal, get_init_creds tries twice, once 
against a normal kdc (which fails with the correct error), and once on the 
master.  When it goes to look up the master, krb5_locate_kdc fails. 
Spelunking through code, I saw this, added the field, and everything works 

What I still don't understand:
- Was this intentional behavior?  The "master_kdc" field does not appear to 
  be documented.
- Why doesn't my Linux client do the same thing?

On an unrelated note, send_as_request looks weird at the TCP logic.  Why do 
we only check for the too-big-for-udp response from the KDC when the caller 
has requested that an error message be returned from the library function? 
Will err_reply->error ever equal KRB_ERR_RESPONSE_TOO_BIG?  Shouldn't it be 

Ben Creech
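
Added example, not part of the original message and not MIT Kerberos code: a small check that lists the realms in a krb5.conf which define kdc entries but no master_kdc, the condition the message above ties to the failed lookup. The sample configuration, realm names and hostnames are constructed, and the parser assumes the simple one-relation-per-line layout shown.

```python
import re

# Constructed sample krb5.conf; realm names and hosts are placeholders.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = EXAMPLE.TEST

[realms]
    # first realm has no master_kdc relation
    EXAMPLE.TEST = {
        kdc = kdc1.example.test
        kdc = kdc2.example.test
        admin_server = kdc1.example.test
    }
    OTHER.TEST = {
        kdc = kdc.other.test
        master_kdc = kdc.other.test
    }
"""

def parse_realms(text):
    """Return {realm: {relation: [values]}} for the [realms] section."""
    realms, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                                # new top-level section
            section, current = header.group(1), None
            continue
        if section != "realms":
            continue
        if line.startswith("}"):                  # end of a realm subsection
            current = None
            continue
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep:
            continue
        if value == "{" and current is None:      # "REALM = {" opens a subsection
            current = realms.setdefault(key, {})
        elif current is not None:                 # relation inside a realm
            current.setdefault(key, []).append(value)
    return realms

def realms_missing_master(text):
    """Realms that list at least one kdc but have no master_kdc relation."""
    return sorted(realm for realm, rel in parse_realms(text).items()
                  if rel.get("kdc") and not rel.get("master_kdc"))

if __name__ == "__main__":
    for realm in realms_missing_master(SAMPLE_KRB5_CONF):
        print(f"{realm}: kdc configured but no master_kdc")
```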

More information about the krbdev mailing list