suggestion for locating master kdc logic

Greg Hudson ghudson at MIT.EDU
Fri Apr 6 16:35:21 EDT 2012

On 04/06/2012 04:09 PM, Russ Allbery wrote:
> Not only do you lose fallback in this case, but you also don't get
> password change on expired password, unless you patched the code to not
> require master_kdc in that case as well.

My test results with current code don't match this claim.  I do see a
bug that the kpasswd_server -> admin_server fallback doesn't work for
kinit password changes, but the presence or absence of master_kdc
doesn't seem to have any relevance.  (Nor would one expect it to, since
password changes don't go through a KDC.)

More information about the krbdev mailing list