suggestion for locating master kdc logic

Sam Hartman hartmans at MIT.EDU
Fri Apr 6 16:45:08 EDT 2012

Looking for kpasswd_server is a bad idea because of AD.
In practice it doubles the number of account lockout  attempts  when you
give a bad password.

We had a fairly long design discussion that lead to the current
logic. However I thought we did look for master KDCs with admin_server.

More information about the krbdev mailing list