Bug 859961 - krb5.conf(5): document master_kdc option
krb5.conf(5): document master_kdc option
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: krb5 (Show other bugs)
Unspecified Unspecified
low Severity low
: rc
: ---
Assigned To: Robbie Harwood
Patrik Kis
: Documentation, Reopened
Depends On:
  Show dependency treegraph
Reported: 2012-09-24 09:39 EDT by Marko Myllynen
Modified: 2015-10-07 13:08 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-10-07 13:08:20 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Marko Myllynen 2012-09-24 09:39:55 EDT
Description of problem:
krb5.conf(5) should document the master_kdc configuration option, using kdc/admin_server to specify a KDC in /etc/krb5.conf with DNS lookups disabled is not enough, in some cases it can be seen e.g. with KRB5_TRACE=/dev/stderr kinit -V user@REALM that another KDC is being contacted.

By also setting the currently undocumented master_kdc then only the specified KDC is being contacted.

Version-Release number of selected component (if applicable):
RHEL 6.3
Comment 2 David Spurek 2014-08-22 02:17:16 EDT
Reopening, I think that this option should be added to man page in rhel6.

Rhel 7 man has it and says:
              Identifies  the  master  KDC(s).  Currently, this tag is used in
              only one case: If an attempt to get credentials fails because of
              an invalid password, the client software will attempt to contact
              the master KDC, in  case  the  user's  password  has  just  been
              changed, and the updated database has not been propagated to the
              slave servers yet.
Comment 6 Robbie Harwood 2015-10-07 13:08:20 EDT
This does not seem a very important issue to disrupt rhel6 with and it is fixed in rhel7.

Note You need to log in before you can comment on or make changes to this bug.