From 4972f874592820f419470bf4945f5f261c3e5195 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Thu, 23 Jun 2011 14:41:53 +0000 Subject: [PATCH] Update kpropd provisos in install guide git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24980 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/install.texinfo | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) diff --git a/doc/install.texinfo b/doc/install.texinfo index 9f193a3c0..37fd1a431 100644 --- a/doc/install.texinfo +++ b/doc/install.texinfo @@ -1034,18 +1034,21 @@ should resume fetching incremental updates. Thus, all the keytab and ACL setup previously described for @code{kprop} propagation is still needed. -There are several known bugs and restrictions in the current -implementation: +There are several restrictions in the current implementation: + @itemize @item -The ``call out to @code{kprop}'' mechanism is a bit fragile; if the -@code{kprop} propagation fails to connect for some reason, the process -on the slave may hang waiting for it, and will need to be restarted. +Changes to password policy objects are not propagated incrementally. +Changes to which policy applies to a principal are propagated. @item The master and slave must be able to initiate TCP connections in both -directions, without an intervening NAT. They must also be able to -communicate over IPv4, since MIT's kprop and RPC code does not -currently support IPv6. +directions, without an intervening NAT. +@item +If the slave has an IPv6 interface address but needs to accept +connections over IPv4, the operating system needs ``dual stack'' support +(i.e. the ability to accept IPv6 and IPv4 connections on a single IPv6 +listener socket). At this time, all modern Unix-like operating systems +have dual stack support except OpenBSD. @end itemize @menu -- 2.26.2