自从我们为 Kerberos 部署了主从(master/slave)架构之后,我们注意到主体(principal)的以下信息字段不再更新:
Last password change: Fri Aug 02 10:18:08 GMT 2019
Last modified: Fri Aug 02 10:18:08 GMT 2019 (root/[email protected])
Last successful authentication: Sat Aug 03 12:35:41 GMT 2019
Last failed authentication: Wed Jul 10 12:59:28 GMT 2019
仅当我们的客户端配置如下时才会发生这种情况
# Client krb5.conf as posted for the failing case: ticket requests go to the
# replica KDC, while admin, password-change and master_kdc entries name the primary.
[libdefaults]
default_realm = EXAMPLE.COM
# Request forwardable and proxiable tickets by default.
forwardable = true
proxiable = true
# No DNS discovery: KDC hosts and realm mappings come only from this file.
dns_lookup_kdc = no
dns_lookup_realm = no
# NOTE(review): allow_weak_crypto = true stops weak enctypes (such as single-DES)
# from being filtered out of the client's enctype lists; the MIT default is false.
# Keep it only while some principal still depends on a weak key, then drop it.
allow_weak_crypto = true
[realms]
EXAMPLE.COM = {
# AS/TGS requests are sent to this host (the replica).
# NOTE(review): MIT documents that account lockout state is not replicated by
# kprop or incremental propagation. The last-success / last-failure timestamps
# appear to belong to that per-KDC state, so they would be recorded on the
# replica only; confirm by running getprinc against the replica's database.
# Per-KDC failure counters also mean a lockout threshold is enforced per KDC,
# not realm-wide.
kdc = kerberos-slave.EXAMPLE.COM
# kadmin and password changes go to the primary.
admin_server = kerberos.EXAMPLE.COM
kpasswd_server = kerberos.EXAMPLE.COM
# The client retries here when a replica rejects a password, in case a password
# change has not been propagated yet.
master_kdc = kerberos.EXAMPLE.COM
default_domain = EXAMPLE.COM
# NOTE(review): MIT krb5 documents ticket_lifetime under [libdefaults]; these two
# realm-level entries may be ignored by the client, so verify. If 7d does take
# effect it is a long validity window for a stolen ticket cache; the KDC's
# maximum ticket life still caps what is issued.
default_lifetime = 7d
ticket_lifetime = 7d
}
# Map the DNS domain and its subdomains to the realm.
[domain_realm]
.EXAMPLE.COM = EXAMPLE.COM
EXAMPLE.COM = EXAMPLE.COM
如果客户端直接使用主 Kerberos 服务器,这些字段就能正常更新。有没有办法让客户端直接向从服务器发起请求,同时让这些字段在主服务器上也得到更新?
将 kdc 直接指向主 Kerberos 服务器(kdc = master kerberos)时,KDC 数据库中的这些字段会被更新:
# Client krb5.conf as posted for the working case: every realm entry, including
# kdc, names the primary, so authentication is handled by the primary KDC.
[libdefaults]
default_realm = EXAMPLE.COM
# Request forwardable and proxiable tickets by default.
forwardable = true
proxiable = true
# No DNS discovery: KDC hosts and realm mappings come only from this file.
dns_lookup_kdc = no
dns_lookup_realm = no
# NOTE(review): allow_weak_crypto = true stops weak enctypes (such as single-DES)
# from being filtered out of the client's enctype lists; the MIT default is false.
# Keep it only while some principal still depends on a weak key, then drop it.
allow_weak_crypto = true
[realms]
EXAMPLE.COM = {
# AS/TGS requests are sent to the primary, so the per-principal authentication
# timestamps are written to the primary's database. With a single kdc entry the
# client has no other KDC listed for this realm to fall back to.
kdc = kerberos.EXAMPLE.COM
# kadmin and password changes go to the primary.
admin_server = kerberos.EXAMPLE.COM
kpasswd_server = kerberos.EXAMPLE.COM
master_kdc = kerberos.EXAMPLE.COM
default_domain = EXAMPLE.COM
# NOTE(review): MIT krb5 documents ticket_lifetime under [libdefaults]; these two
# realm-level entries may be ignored by the client, so verify. If 7d does take
# effect it is a long validity window for a stolen ticket cache; the KDC's
# maximum ticket life still caps what is issued.
default_lifetime = 7d
ticket_lifetime = 7d
}
# Map the DNS domain and its subdomains to the realm.
[domain_realm]
.EXAMPLE.COM = EXAMPLE.COM
EXAMPLE.COM = EXAMPLE.COM