On Wed, Jun 10, 2020 at 5:04 PM Greg Hudson <ghud...@mit.edu> wrote:

> MIT krb5 switched to using "replica" for non-primary KDCs as of release
> 1.17. This was an easy change technically, as the old term was only
> used in a user-visible way in documentation and in the name of one
> profile relation. The pull request for that change was here:
> https://github.com/krb5/krb5/pull/851

Hi Greg,

This is fantastic and encouraging news, thanks! I'm not sure how I missed this. If I can find the time I'll see if it'd be as simple for Heimdal, or perhaps someone from the Heimdal side will chime in. In specific, iprop uses "slave" even more prominently than kprop did, I believe.

> Replacing the term "master" is a larger technical challenge. We use
> that term in a DNS SRV record label (_master_kdc), and migrating that
> would come with a cost in network traffic and latency. Aside from the
> kprop architecture, we also use the term "master key" to describe the
> key used to encrypt long-term keys in the KDC database.

Technical considerations are certainly factors. I wonder if it'd be reasonable to allow clients to specify a preference when performing the SRV record lookup?

> I have rationalized to myself that the term "master" is the less
> problematic of the two terms, as it is used in a lot of different
> contexts (such as physical master keys, martial arts masters, master
> plumbers, and master recordings of records). But I don't know if that
> rationalization is adequate; from recent discussion I know that git's
> use of "master" for the initial default branch name has become a point
> of contention.

I largely agree here, it's less problematic. I do think it'd be preferable to refer to the "master" server as e.g. "primary", but master key seems fine as it has an established unencumbered meaning.

Thanks,
--nate

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos