Bug 859961

Summary: krb5.conf(5): document master_kdc option
Product: Red Hat Enterprise Linux 6 Reporter: Marko Myllynen <myllynen>
Component: krb5Assignee: Robbie Harwood <rharwood>
Status: CLOSED NEXTRELEASE QA Contact: Patrik Kis <pkis>
Severity: low Docs Contact:
Priority: low    
Version: 6.3CC: dpal, ebenes, jplans, kerberos-dev-list, pkis, rharwood, sbose
Target Milestone: rcKeywords: Documentation, Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-07 17:08:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Marko Myllynen 2012-09-24 13:39:55 UTC 
Description of problem:
krb5.conf(5) should document the master_kdc configuration option, using kdc/admin_server to specify a KDC in /etc/krb5.conf with DNS lookups disabled is not enough, in some cases it can be seen e.g. with KRB5_TRACE=/dev/stderr kinit -V user@REALM that another KDC is being contacted.

By also setting the currently undocumented master_kdc then only the specified KDC is being contacted.

Version-Release number of selected component (if applicable):
RHEL 6.3
Comment 2 David Spurek 2014-08-22 06:17:16 UTC 
Reopening, I think that this option should be added to man page in rhel6.

Rhel 7 man has it and says:
       master_kdc
              Identifies  the  master  KDC(s).  Currently, this tag is used in
              only one case: If an attempt to get credentials fails because of
              an invalid password, the client software will attempt to contact
              the master KDC, in  case  the  user's  password  has  just  been
              changed, and the updated database has not been propagated to the
              slave servers yet.
Comment 6 Robbie Harwood 2015-10-07 17:08:20 UTC 
This does not seem a very important issue to disrupt rhel6 with and it is fixed in rhel7.