On 7/15/19 8:59 AM, Yegui Cai wrote: > I am trying to deploy a master and a slave KDC. Due to regulations, I need > to run everything on unpriviledged ports. I have done everything except for > kpropd which by default runs on 754. When I launched kpropd on port, say, > 3754. Database propagation did not happen. I did try running kproplog to > check - the master node shows some changes but it is not reflected on the > slave node. The initial kprop -P 3754 command did success though.
For full database propagation, kadmind on the master KDC need to know what port to connect to on the replica KDC. This port number can be specified via the kadmind "-k portnum" option (new in release 1.15) or by setting the KPROP_PORT environment variable. kpropd on the replica KDC also needs to know what port to contact in order to request updates from kadmind on the master KDC. The iprop_port relation needs to be present in the appropriate [realms] subsection on both the master and replica KDCs. (In 1.15, iprop_listen may be used instead on the master KDC.) ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
