suggestion for locating master kdc logic

Will Fiveash will.fiveash at
Tue Apr 3 19:14:11 EDT 2012

Looking at the code for krb5_get_init_creds_password() and
prof_locate_server() I see that if the KDC specified by a "kdc =" spec
in krb5.conf returns a krb error, the acquire krb cred logic is to look
for a master_kdc spec either in krb5.conf or via DNS and if one isn't
found, give up.  Given that the admin_server/kpasswd_server specs are
very likely to reference a master KDC, shouldn't the *_locate_server()
functions when given a locate_service type of locate_service_master_kdc
try to first find master_kdc (current behavior) and if that fails then
admin_server and finally kpasswd_server?  I can't imagine why master_kdc
would point to a different KDC than the one the admin_server is set to.

Will Fiveash
Oracle Solaris Software Engineer
Sent using mutt, a sweet, text based e-mail app
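The fallback order proposed in the message above (master_kdc, then admin_server, then kpasswd_server), sketched as an added example; this is not MIT krb5 code. The `realm_conf` struct, `split_spec()` and `locate_master_kdc()` are hypothetical names. The sketch assumes that a port on an admin_server or kpasswd_server entry (749 and 464 by default) belongs to that service and is replaced with the KDC port 88 when the host is reused as a master KDC.

```c
#include <stdlib.h>
#include <string.h>
#define KDC_PORT 88

/* Hypothetical, simplified view of one [realms] stanza (not a libkrb5 type). */
struct realm_conf {
    const char *master_kdc;      /* NULL when the relation is absent */
    const char *admin_server;
    const char *kpasswd_server;
};

/* Split "host[:port]" or "[v6addr]:port". Returns 0 on success, -1 on bad input. */
static int split_spec(const char *spec, char *host, size_t len, int *port)
{
    const char *end, *colon;
    *port = 0;
    if (spec[0] == '[') {                     /* bracketed IPv6 literal */
        spec++;
        if ((end = strchr(spec, ']')) == NULL)
            return -1;
        colon = (end[1] == ':') ? end + 1 : NULL;
    } else {
        colon = strrchr(spec, ':');
        end = colon ? colon : spec + strlen(spec);
    }
    if (end == spec || (size_t)(end - spec) >= len)
        return -1;                            /* empty host or buffer too small */
    memcpy(host, spec, end - spec);
    host[end - spec] = '\0';
    if (colon)
        *port = atoi(colon + 1);
    return 0;
}

/* Returns the name of the relation that supplied the host, or NULL if none did. */
const char *locate_master_kdc(const struct realm_conf *rc, char *host, size_t len, int *port)
{
    const char *names[] = { "master_kdc", "admin_server", "kpasswd_server" };
    const char *specs[] = { rc->master_kdc, rc->admin_server, rc->kpasswd_server };
    int i, p;
    for (i = 0; i < 3; i++) {
        if (specs[i] == NULL || split_spec(specs[i], host, len, &p) != 0)
            continue;
        /* Only master_kdc carries a KDC port; the others name kadmin/kpasswd ports. */
        *port = (i == 0 && p > 0) ? p : KDC_PORT;
        return names[i];
    }
    return NULL;
}
```

Returning the relation name lets a caller log which entry the master KDC was inferred from, which helps when admin_server and the real master diverge.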

More information about the krbdev mailing list