From: Ken Raeburn <raeburn@mit.edu>
Date: Fri, 25 Jul 2003 20:43:58 +0000 (+0000)
Subject: * admin.texinfo (realms (krb5.conf)): Add description of master_kdc tag.
X-Git-Tag: krb5-1.4-beta1~787
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cfef93ef5cd92b4dc635ef83b5f809038571cbbe;p=krb5.git

* admin.texinfo (realms (krb5.conf)): Add description of master_kdc tag.
(Sample krb5.conf File): Add it to the example.

ticket: 1692
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@15737 dc483132-0cff-0310-8789-dd5450dbe970
---

diff --git a/doc/ChangeLog b/doc/ChangeLog
index b71b54a14..ffe9724f7 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,9 @@
+2003-07-25  Ken Raeburn  <raeburn@mit.edu>
+
+	* admin.texinfo (realms (krb5.conf)): Add description of
+	master_kdc tag.
+	(Sample krb5.conf File): Add it to the example.
+
 2003-07-24  Sam Hartman  <hartmans@mit.edu>
 
 	* admin.texinfo (realms (kdc.conf)): Remove references to kdc_supported_enctypes
diff --git a/doc/admin.texinfo b/doc/admin.texinfo
index 0706aa51d..ec500025f 100644
--- a/doc/admin.texinfo
+++ b/doc/admin.texinfo
@@ -708,6 +708,15 @@ this tag must be given a value in each realm subsection in the
 configuration file, or there must be DNS SRV records specifying the
 KDCs (see @ref{Using DNS}).
 
+@itemx master_kdc
+Identifies the master KDC(s).  Currently, this tag is used in only one
+case: If an attempt to get credentials fails because of an invalid
+password, the client software will attempt to contact the master KDC,
+in case the user's password has just been changed, and the updated
+database has not been propagated to the slave servers yet.  (We don't
+currently check whether the KDC from which the initial response came
+is on the master KDC list.  That may be fixed in the future.)
+
 @itemx admin_server
 Identifies the host where the administration server is running.
 Typically, this is the master Kerberos server.  This tag must be given
@@ -1037,6 +1046,7 @@ Here is an example of a generic @code{krb5.conf} file:
         kdc = @value{KDCSLAVE1}.@value{PRIMARYDOMAIN}
         kdc = @value{KDCSLAVE2}.@value{PRIMARYDOMAIN}:750
         admin_server = @value{KDCSERVER}.@value{PRIMARYDOMAIN}
+        master_kdc = @value{KDCSERVER}.@value{PRIMARYDOMAIN}
         default_domain = @value{PRIMARYDOMAIN}
     @}
     @value{SECONDREALM} = @{