+2003-07-25 Ken Raeburn <raeburn@mit.edu>
+
+ * admin.texinfo (realms (krb5.conf)): Add description of
+ master_kdc tag.
+ (Sample krb5.conf File): Add it to the example.
+
2003-07-24 Sam Hartman <hartmans@mit.edu>
* admin.texinfo (realms (kdc.conf)): Remove references to kdc_supported_enctypes
configuration file, or there must be DNS SRV records specifying the
KDCs (see @ref{Using DNS}).
+@itemx master_kdc
+Identifies the master KDC(s). Currently, this tag is used in only one
+case: If an attempt to get credentials fails because of an invalid
+password, the client software will attempt to contact the master KDC,
+in case the user's password has just been changed, and the updated
+database has not been propagated to the slave servers yet. (We don't
+currently check whether the KDC from which the initial response came
+is on the master KDC list. That may be fixed in the future.)
+
@itemx admin_server
Identifies the host where the administration server is running.
Typically, this is the master Kerberos server. This tag must be given
kdc = @value{KDCSLAVE1}.@value{PRIMARYDOMAIN}
kdc = @value{KDCSLAVE2}.@value{PRIMARYDOMAIN}:750
admin_server = @value{KDCSERVER}.@value{PRIMARYDOMAIN}
+ master_kdc = @value{KDCSERVER}.@value{PRIMARYDOMAIN}
default_domain = @value{PRIMARYDOMAIN}
@}
@value{SECONDREALM} = @{
projects / thirdparty / krb5.git / commitdiff
