[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Kerberos propagation, kpropd



On Tue, Oct 26, 2004 at 03:07:14PM -0600, Ryan Thomson wrote:
> I'm wondering why the kadmin daemon isn't allowed to run when a kpropd ACL
> file is located on the machine? In the MIT Kerberos documentation it says that
> the kpropd.acl file must exist on all KDCs that will be a part of database
> propagation including the master. It seems illogical that kadmin is not
> allowed to run on any servers which are a part of database propagation...

I couldn't find where that requirement's listed in the administrator's
guide, but AFAIK kpropd.acl is only accessed by kpropd, which you'd only
run on the receiving end of propagation.  A host which is receiving
updates via kpropd shouldn't run kadmind because changes made through
kadmind will be wiped out by kpropd.

HTH,

Nalin


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]