I'm not really mastering Heimdal just yet so I'd like to be sure I'm
not wrong. But for instance the iprop configuration guide IMO is
incomplete.
https://www.h5l.org/manual/HEAD/info/heimdal/Incremental-propagation.ht
ml
"Then you need to create those principals that you added in the
configuration file. Create one `iprop/hostname' for the master and for
every slave.
master# /usr/heimdal/sbin/ktutil get iprop/`hostname`
slave# /usr/heimdal/sbin/ktutil get iprop/`hostname`"
How is the slave supposed to connect to the master if has a principal
built on the server itself which is not on the master?
In fact following the guide the result, when trying to connect the
slave to the master is something like:
"iprop/slave-host principal not in hdb".
I've fixed it creating an iprop/slave-host on the master.
Another thing in this regard, which I don't know why is it behaving
like that, but I cannot somehow secure such principal which means that
I cannot set a password because it will always fail.
Therefore the principal has to be with no password leaving the access
control to the check in /var/heimdal/slaves and the identification of
the FQDN declared in the principal itself.
Am I wrong?
On Mon, 2018-08-06 at 10:57 -0400, Viktor Dukhovni wrote:
> > On Aug 6, 2018, at 3:52 AM, ASV <a...@inhio.net> wrote:
> >
> > There are sections which are scarcely written and perhaps not even
> > correct (like the incremental propagation one).
>
> If you could be a bit more specific, (and as Jeff says open an
> issue on Github) we might be able to address some of the most
> critical deficits.
>
