diff options
-rw-r--r-- | doc/ChangeLog | 6 | ||||
-rw-r--r-- | doc/admin.texinfo | 10 |
2 files changed, 16 insertions, 0 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index b71b54a141..ffe9724f7c 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,9 @@ +2003-07-25 Ken Raeburn <raeburn@mit.edu> + + * admin.texinfo (realms (krb5.conf)): Add description of + master_kdc tag. + (Sample krb5.conf File): Add it to the example. + 2003-07-24 Sam Hartman <hartmans@mit.edu> * admin.texinfo (realms (kdc.conf)): Remove references to kdc_supported_enctypes diff --git a/doc/admin.texinfo b/doc/admin.texinfo index 0706aa51df..ec500025fe 100644 --- a/doc/admin.texinfo +++ b/doc/admin.texinfo @@ -708,6 +708,15 @@ this tag must be given a value in each realm subsection in the configuration file, or there must be DNS SRV records specifying the KDCs (see @ref{Using DNS}). +@itemx master_kdc +Identifies the master KDC(s). Currently, this tag is used in only one +case: If an attempt to get credentials fails because of an invalid +password, the client software will attempt to contact the master KDC, +in case the user's password has just been changed, and the updated +database has not been propagated to the slave servers yet. (We don't +currently check whether the KDC from which the initial response came +is on the master KDC list. That may be fixed in the future.) + @itemx admin_server Identifies the host where the administration server is running. Typically, this is the master Kerberos server. This tag must be given @@ -1037,6 +1046,7 @@ Here is an example of a generic @code{krb5.conf} file: kdc = @value{KDCSLAVE1}.@value{PRIMARYDOMAIN} kdc = @value{KDCSLAVE2}.@value{PRIMARYDOMAIN}:750 admin_server = @value{KDCSERVER}.@value{PRIMARYDOMAIN} + master_kdc = @value{KDCSERVER}.@value{PRIMARYDOMAIN} default_domain = @value{PRIMARYDOMAIN} @} @value{SECONDREALM} = @{ |