Bug 859961 - krb5.conf(5): document master_kdc option
Summary: krb5.conf(5): document master_kdc option
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: krb5
Version: 6.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Robbie Harwood
QA Contact: Patrik Kis
Depends On:
TreeView+ depends on / blocked
Reported: 2012-09-24 13:39 UTC by Marko Myllynen
Modified: 2015-10-07 17:08 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2015-10-07 17:08:20 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Marko Myllynen 2012-09-24 13:39:55 UTC
Description of problem:
krb5.conf(5) should document the master_kdc configuration option, using kdc/admin_server to specify a KDC in /etc/krb5.conf with DNS lookups disabled is not enough, in some cases it can be seen e.g. with KRB5_TRACE=/dev/stderr kinit -V user@REALM that another KDC is being contacted.

By also setting the currently undocumented master_kdc then only the specified KDC is being contacted.

Version-Release number of selected component (if applicable):
RHEL 6.3

Comment 2 David Spurek 2014-08-22 06:17:16 UTC
Reopening, I think that this option should be added to man page in rhel6.

Rhel 7 man has it and says:
              Identifies  the  master  KDC(s).  Currently, this tag is used in
              only one case: If an attempt to get credentials fails because of
              an invalid password, the client software will attempt to contact
              the master KDC, in  case  the  user's  password  has  just  been
              changed, and the updated database has not been propagated to the
              slave servers yet.

Comment 6 Robbie Harwood 2015-10-07 17:08:20 UTC
This does not seem a very important issue to disrupt rhel6 with and it is fixed in rhel7.

Note You need to log in before you can comment on or make changes to this bug.