Changing password using slave KDC
Sachin Punadikar
punadikar.sachin at gmail.com
Thu Nov 1 06:36:28 EDT 2007
Hello,
I have Kerberos (MIT 1.5.4 release) configured as master and slave. At the
client side krb5.conf file I am mentioning kdc=slave-kdc. And this is the
only entry in the krb5.conf file which talks about KDC.
In this scenario if the attribute "needchange" is set then, it prompts for
the password change but finally it fails to get the ticket with the newly
changed password. This may be because it is trying to get the ticket from
the slave. But slave will not have updated database at that moment.
So is it recommended to try for password change, only when "master_kdc"
entry in the krb5.conf file exists?
Or is there any mechanism by which one can update slave KDC database
instantenously, so above scenario will work ?
Please advice.
- Sachin.
More information about the krbdev
mailing list