[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Kerberos propagation, kpropd

From: Nalin Dahyabhai <nalin redhat com>
To: nahant-beta-list redhat com
Subject: Re: Kerberos propagation, kpropd
Date: Tue, 9 Nov 2004 10:55:45 -0500

On Tue, Oct 26, 2004 at 03:07:14PM -0600, Ryan Thomson wrote:
> I'm wondering why the kadmin daemon isn't allowed to run when a kpropd ACL
> file is located on the machine? In the MIT Kerberos documentation it says that
> the kpropd.acl file must exist on all KDCs that will be a part of database
> propagation including the master. It seems illogical that kadmin is not
> allowed to run on any servers which are a part of database propagation...

I couldn't find where that requirement's listed in the administrator's
guide, but AFAIK kpropd.acl is only accessed by kpropd, which you'd only
run on the receiving end of propagation.  A host which is receiving
updates via kpropd shouldn't run kadmind because changes made through
kadmind will be wiped out by kpropd.

HTH,

Nalin

Follow-Ups:
- Re: Kerberos propagation, kpropd
  - From: Ryan Thomson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]