Discussion of krb5_get_init_creds_password() behavior wasRe:problem with the kinit_prompter in kfw 2.5

[Sam Hartman]

>>>>> "Ken" == Ken Hornstein <kenh at cmf.nrl.navy.mil> writes:

    Jeffrey> Now the discussion is on the topic of double queries
    Jeffrey> being sent to the "master" kdc when the password does not
    Jeffrey> match the one known by the first kdc tried.
    >>  Right.  ANd I don't see that as problematic since you have to
    >> go out of your way to enable the functionality.

    Ken> But wait a minute.

    Ken> According to what I see in 1.3.1, when use_master is set, it
    Ken> uses the krb5.conf entry for "admin_server" (it takes a while
    Ken> to find it, but that's certainly how I read
    Ken> krb5_locate_srv_conf_1()).  I think we _all_ have an
    Ken> admin_server set; if we don't, then kadmin & kpasswd won't
    Ken> work.  

Ah, yes my confusion was that I misunderstood the code.