(Boolean value.) Specifies whether incremental database
propagation is enabled. The default value is false.
-**iprop_master_ulogsize**
+**iprop_ulogsize**
(Integer.) Specifies the maximum number of log entries to be
retained for incremental propagation. The default value is 1000.
- Prior to release 1.11, the maximum value was 2500.
+ Prior to release 1.11, the maximum value was 2500. New in release
+ 1.19.
+
+**iprop_master_ulogsize**
+ The name for **iprop_ulogsize** prior to release 1.19. Its value is
+ used as a fallback if **iprop_ulogsize** is not specified.
**iprop_replica_poll**
(Delta time string.) Specifies how often the replica KDC polls
host will be tried.
**master_kdc**
+ The name for **primary_kdc** prior to release 1.19. Its value is
+ used as a fallback if **primary_kdc** is not specified.
+
+**primary_kdc**
Identifies the primary KDC(s). Currently, this tag is used in only
one case: If an attempt to get credentials fails because of an
invalid password, the client software will attempt to contact the
primary KDC, in case the user's password has just been changed, and
the updated database has not been propagated to the replica
- servers yet.
+ servers yet. New in release 1.19.
**v4_instance_convert**
This subsection allows the administrator to configure exceptions
kdc = kerberos-1.mit.edu
kdc = kerberos-2.mit.edu
admin_server = kerberos.mit.edu
- master_kdc = kerberos.mit.edu
+ primary_kdc = kerberos.mit.edu
}
EXAMPLE.COM = {
kdc = kerberos.example.com
#define KRB5_CONF_IPROP_RESYNC_TIMEOUT "iprop_resync_timeout"
#define KRB5_CONF_IPROP_REPLICA_POLL "iprop_replica_poll"
#define KRB5_CONF_IPROP_SLAVE_POLL "iprop_slave_poll"
+#define KRB5_CONF_IPROP_ULOGSIZE "iprop_ulogsize"
#define KRB5_CONF_K5LOGIN_AUTHORITATIVE "k5login_authoritative"
#define KRB5_CONF_K5LOGIN_DIRECTORY "k5login_directory"
#define KRB5_CONF_KADMIND_LISTEN "kadmind_listen"
#define KRB5_CONF_PLUGINS "plugins"
#define KRB5_CONF_PLUGIN_BASE_DIR "plugin_base_dir"
#define KRB5_CONF_PREFERRED_PREAUTH_TYPES "preferred_preauth_types"
+#define KRB5_CONF_PRIMARY_KDC "primary_kdc"
#define KRB5_CONF_PROXIABLE "proxiable"
#define KRB5_CONF_QUALIFY_SHORTNAME "qualify_shortname"
#define KRB5_CONF_RDNS "rdns"
enum locate_service_type {
locate_service_kdc = 1,
- locate_service_master_kdc,
+ locate_service_primary_kdc,
locate_service_kadmin,
locate_service_krb524,
locate_service_kpasswd
};
+#define locate_service_master_kdc locate_service_primary_kdc
typedef struct krb5plugin_service_locate_ftable {
int minor_version; /* currently 0 */
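Review bot: The compatibility alias added after the enum is an uncommented object-like macro, so it rewrites every later use of the token `locate_service_master_kdc` in any file that includes this header, and it is invisible to a debugger. An enumerator alias placed directly after the new name keeps the existing numeric values (the following `locate_service_kadmin` still gets the next value) and stays an ordinary enum constant: `locate_service_master_kdc = locate_service_primary_kdc, /* pre-1.19 name */`. If the macro is kept, a comment such as `/* Old name, kept so existing locate plugins still compile. */` would tell readers why it exists. The struct that opens on the last line continues outside the hunk.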
GET_DELTAT_PARAM(iprop_resync_timeout, KADM5_CONFIG_IPROP_RESYNC_TIMEOUT,
KRB5_CONF_IPROP_RESYNC_TIMEOUT, 60 * 5);
- hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
-
- params.iprop_ulogsize = DEF_ULOGENTRIES;
- params.mask |= KADM5_CONFIG_ULOG_SIZE;
-
if (params_in->mask & KADM5_CONFIG_ULOG_SIZE) {
params.mask |= KADM5_CONFIG_ULOG_SIZE;
params.iprop_ulogsize = params_in->iprop_ulogsize;
} else {
+ params.iprop_ulogsize = 0;
+ hierarchy[2] = KRB5_CONF_IPROP_ULOGSIZE;
if (aprofile != NULL &&
- !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue)) {
- if (ivalue <= 0)
- params.iprop_ulogsize = DEF_ULOGENTRIES;
- else
- params.iprop_ulogsize = ivalue;
- params.mask |= KADM5_CONFIG_ULOG_SIZE;
- }
+ !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue) &&
+ ivalue > 0)
+ params.iprop_ulogsize = ivalue;
+ hierarchy[2] = KRB5_CONF_IPROP_MASTER_ULOGSIZE;
+ if (params.iprop_ulogsize == 0 && aprofile != NULL &&
+ !krb5_aprof_get_int32(aprofile, hierarchy, TRUE, &ivalue) &&
+ ivalue > 0)
+ params.iprop_ulogsize = ivalue;
+ if (params.iprop_ulogsize == 0)
+ params.iprop_ulogsize = DEF_ULOGENTRIES;
}
+ params.mask |= KADM5_CONFIG_ULOG_SIZE;
GET_DELTAT_PARAM(iprop_poll_time, KADM5_CONFIG_POLL_TIME,
KRB5_CONF_IPROP_REPLICA_POLL, -1);
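Review bot: The `ivalue > 0` tests in the else branch treat an explicit but non-positive `iprop_ulogsize` the same as a missing one, so a realm that sets `iprop_ulogsize = 0` and still carries `iprop_master_ulogsize` silently gets the old value, whereas the documentation in this commit says the old name is used only when the new one is not specified. If that is intended, a comment above the second lookup would record it: `/* Fall back to the pre-1.19 name; a non-positive iprop_ulogsize counts as unset. */`. The two lookups are near-identical and their multi-line `if` conditions have unbraced bodies, which makes the fallback order easy to misread; bracing them would help. The enclosing function starts and ends outside this hunk.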
kdc = KERBEROS-2.MIT.EDU:88
kdc = KERBEROS.MIT.EDU
kdc = KERBEROS-1.MIT.EDU
- master_kdc = KERBEROS.MIT.EDU
+ primary_kdc = KERBEROS.MIT.EDU
admin_server = KERBEROS.MIT.EDU
default_domain = MIT.EDU
v4_instance_convert = {
realm_srv_names[2] = name;
realm_srv_names[3] = 0;
code = profile_get_values(context->profile, realm_srv_names, &hostlist);
+ if (code == PROF_NO_RELATION && strcmp(name, KRB5_CONF_PRIMARY_KDC) == 0) {
+ realm_srv_names[2] = KRB5_CONF_MASTER_KDC;
+ code = profile_get_values(context->profile, realm_srv_names,
+ &hostlist);
+ }
if (code) {
Tprintf("config file lookup failed: %s\n", error_message(code));
if (code == PROF_NO_SECTION || code == PROF_NO_RELATION)
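Review bot: The fallback added before `if (code)` runs only when the `primary_kdc` lookup returns `PROF_NO_RELATION`, so in a realm that defines both names the `master_kdc` hosts are never read and nothing reports that they were ignored. During a staged migration that can leave a stale or divergent `master_kdc` entry unnoticed, while the retry after a failed password goes to whatever `primary_kdc` lists. A comment stating the precedence, for example `/* Fall back to the pre-1.19 name; master_kdc is ignored when primary_kdc is set. */`, would make the behaviour explicit, and a `Tprintf` line when the old name is used would help operators find configurations that still need updating. The function body continues outside the hunk.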
kdc_ports:
dflport = KRB5_DEFAULT_PORT;
break;
- case locate_service_master_kdc:
- profname = KRB5_CONF_MASTER_KDC;
+ case locate_service_primary_kdc:
+ profname = KRB5_CONF_PRIMARY_KDC;
goto kdc_ports;
case locate_service_kadmin:
profname = KRB5_CONF_ADMIN_SERVER;
return 0;
switch (svc) {
- case locate_service_master_kdc:
+ case locate_service_primary_kdc:
find_primary = TRUE;
/* Fall through */
case locate_service_kdc:
case locate_service_kdc:
dnsname = "_kerberos";
break;
- case locate_service_master_kdc:
+ case locate_service_primary_kdc:
dnsname = "_kerberos-master";
break;
case locate_service_kadmin:
{
enum locate_service_type stype;
- stype = get_primaries ? locate_service_master_kdc : locate_service_kdc;
+ stype = get_primaries ? locate_service_primary_kdc : locate_service_kdc;
return k5_locate_server(context, realm, serverlist, stype, no_udp);
}
if (server->primary != -1)
return server->primary;
- if (locate_server(context, realm, &list, locate_service_master_kdc,
+ if (locate_server(context, realm, &list, locate_service_primary_kdc,
server->transport) != 0)
return FALSE;
found = server_list_contains(&list, server);
kdc = kerberos-1.mit.edu
kdc = kerberos-2.mit.edu
kdc = kerberos-3.mit.edu
- master_kdc = kerberos.mit.edu
+ primary_kdc = kerberos.mit.edu
admin_server = kerberos.mit.edu
}
MEDIA-LAB.MIT.EDU = {
kdc = kerberos.mit.edu
kdc = kerberos-1.mit.edu
kdc = kerberos-2.mit.edu
- master_kdc = kerberos.mit.edu
+ primary_kdc = kerberos.mit.edu
admin_server = kerberos.mit.edu
}
CYGNUS.COM = {
[realms]
ATHENA.MIT.EDU = {
kdc = kerberos.mit.edu
- master_kdc = kerberos.mit.edu
+ primary_kdc = kerberos.mit.edu
admin_server = kerberos.mit.edu
}*