Add (optional) master_kdcs to kerberos-env and generated krb5.conf file. If kerberos-env/master_kdcs is not empty, it should contain a list of IP addresses or FQDNs for one or more KDCs. Multiple entries should be comma-delimited.
Identifies the master KDC(s). Currently, this tag is used in only one case: If an attempt to get credentials fails because of an invalid password, the client software will attempt to contact the master KDC, in case the user’s password has just been changed, and the updated database has not been propagated to the slave servers yet.
This should help with scenarios where multiple KDCs are in a master/slave (or replicated) configuration.