suggestion for locating master kdc logic
Greg Hudson
ghudson at MIT.EDU
Fri Apr 6 16:02:58 EDT 2012
One possible concern is that KDC and kadmin servers do not necessarily
operate on the default port. For example, the realm configuration for a
typical test case in our test suite looks like:
kpasswd_server = equal-rites.mit.edu:61002
admin_server = equal-rites.mit.edu:61001
kdc = equal-rites.mit.edu:61000
So where should the code assume the master KDC is? Certainly not
equal-rites.mit.edu:61001; we know that a kadmin server is running
there. If we assume equal-rites.mit.edu:88, we'd break the cases in the
test suite, which is a red flag that we might break some live
configurations. If we start matching the hostname of the admin server
against the hostnames of the KDCs to find the port, that starts to feel
complicated.
More information about the krbdev
mailing list