From 2b7a14bfe677db7e711446f59b1e00f31f0ef52e Mon Sep 17 00:00:00 2001
From: Adam Henry Lewenberg <adamhl@stanford.edu>
Date: Mon, 9 Jan 2017 11:30:15 -0800
Subject: [PATCH] change master_kdc setting in kerb5.conf

---
 NEWS                             | 5 +++++
 templates/kerberos/krb5.conf.erb | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 73b3931..b9875f6 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,11 @@ release/005.005 (unreleased)
     unless specifically overridden to false Kerberos
     clients will behave as they always have. [adamhl]
 
+    [kerberos] Chnage the master_kdc setting in krb5.conf to point to an
+    alias of the master (kerberos1). This will have not change how the
+    configuration works, but makes it easier to change the ordering of the
+    replicas if, in the future, we need to.
+
 release/005.004 (2017-01-09)
 
     [os] Change the exec resource in the 'aptitude' staged
diff --git a/templates/kerberos/krb5.conf.erb b/templates/kerberos/krb5.conf.erb
index f0494cf..808b995 100644
--- a/templates/kerberos/krb5.conf.erb
+++ b/templates/kerberos/krb5.conf.erb
@@ -86,7 +86,7 @@ else
         kdc            = krb5auth1.stanford.edu:88
         kdc            = krb5auth2.stanford.edu:88
         kdc            = krb5auth3.stanford.edu:88
-        master_kdc     = krb5auth1.stanford.edu:88
+        master_kdc     = master-kdc.stanford.edu:88
         admin_server   = krb5-admin.stanford.edu
         kpasswd_server = krb5-admin.stanford.edu
 <%
-- 
GitLab