Hello, thank you for the help, I was reading the source code, but I got lost :-)

Anyway, I noticed kpropd has an -F switch to specify the path to the database, but it's used only in full replication when passing arguments to kbd_util. It would be nice to use this argument to override config files in incremental propagation as well. I suppose not too many people use incremental propagation, it's a relatively new feature, but I must say after getting it to work, it's a perfect solution.

thanx for all the help

Matej Zagiba

On 11/16/2010 01:14 AM, Greg Hudson wrote:
> I can confirm two bugs that you have encountered and worked around:
>
> 1. kprop uses krb5_sname_to_principal() to determine its client
> principal, and does not understand the referral realm. So it does not
> work without a -r parameter unless the profile's domain_realm section
> can map the local hostname. You worked around this by correcting your
> existing domain_realm section in your profile.
>
> A reasonable, if not perfect, fix here is to do what kpropd does in a
> similar piece of code: substitute the default realm for the referral
> realm when using the result of krb5_sname_to_principal() as a client
> principal.
>
> 2. kpropd, when processing incremental updates, modifies the KDB using
> ulog_replay(), but does not initialize its context to use the KDC
> profile, so it uses only settings from krb5.conf to find the KDB. You
> worked around this with symlinks. An alternative workaround would be to
> put the KDB configuration into krb5.conf instead of kdc.conf. (In the
> past, it used to be required to put KDB configuration into krb5.conf.
> That odd requirement was relaxed somewhere around krb5 1.5 for most
> programs which run on the KDC, but a few have escaped the net, including
> kpropd.)
>
> I will open issues for both bugs and try to get them fixed for 1.9.
> Thanks for your investigative work.
