suggestion for locating master kdc logic
Greg Hudson
ghudson at MIT.EDU
Fri Apr 6 16:35:21 EDT 2012
On 04/06/2012 04:09 PM, Russ Allbery wrote:
> Not only do you lose fallback in this case, but you also don't get
> password change on expired password, unless you patched the code to not
> require master_kdc in that case as well.
My test results with current code don't match this claim. I do see a
bug that the kpasswd_server -> admin_server fallback doesn't work for
kinit password changes, but the presence or absence of master_kdc
doesn't seem to have any relevance. (Nor would one expect it to, since
password changes don't go through a KDC.)
More information about the krbdev
mailing list