On 11/07/2015 12:00 PM, John Devitofranceschi wrote: > Might it be the case that administrative account unlocking using kadmin > (modprinc -unlock princname) will fail in some cases if the version of kadmin > is not sufficiently modern? > > For example, kadmin from 1.8.2 can be used to a unlock a principal on a > 1.13.2 master, but not when the principal is locked on one of the slaves > (when propagating from the master). > > When a 1.13.2 kadmin is used, "modprinc -unlockā works for the master and the > slaves.
Yes, the client participates in setting the last-administrative-unlock timestamp during an unlock, and that code was added in 1.9. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
