<P>Hi Klaas,
<P>Thanks for your help! I'm a bit confused by the krb5.conf file -- doesn't the server also read this configuration file at start up? Also, I see your point in dumping the slave kdc database and then loading that onto the master kdc database manually -- but is there some way to automate this process safely?
<P>Thanks,
<P>Monica
<P>
<P> <B><I>klaas hagemann <KLAAS@NORTHSAILOR.DE></I></B>wrote:
<BLOCKQUOTE style="BORDER-LEFT: #1010ff 2px solid; MARGIN-LEFT: 5px; PADDING-LEFT: 5px"><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<META content="MSHTML 6.00.2600.0" name=GENERATOR>
<STYLE></STYLE>
<DIV><FONT face=Arial size=2>Hi Monica,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>as far as i understood it, changes in krb5.conf take affect immediatly. This is a Client side konfiguration file, which is used by kinit and other "kerberized" applikations.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>You can make a dump of the slave kdc manually and load it in the master kdc by hand. This is no problem. Even creating a new master kdc is possible. Maybe you have to create the kadmin-keytabs and the stash-file again, but that is no problem.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Kerberos uses the system time. so you need to have an external way to get your system times synchronised, like an ntp-server.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Klaas</FONT></DIV>
<BLOCKQUOTE style="BORDER-LEFT: #000000 2px solid; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px; PADDING-LEFT: 5px; PADDING-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B> <A href="mailto:mllau2002@yahoo.com" title=mllau2002@yahoo.com>Monica Lau</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A href="mailto:kerberos@mit.edu" title=kerberos@mit.edu>kerberos@mit.edu</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, July 29, 2002 7:12 PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Few quick questions</DIV>
<DIV><FONT face=Arial size=2></FONT><FONT face=Arial size=2></FONT><BR></DIV>
<P>Hi all,
<P>I'm very new to Kerberos, and I have some general questions below. Any suggestions is greatly appreciated. Thanks for your time and help!
<P>1. In the krb5.conf file, I can specify the clock skew and ticket lifetime times. If I want to change these values after the kdc is already running, do I need to restart the kdc? Ithere some way that the kdc would read these values dynamically and take note of these changes?
<P>2. Can slave KDC propagate its database back to the master KDC? Let's say that the master KDC goes down and the administrator makes changes to the slave KDC database. Now before we restart the master KDC, we want to update its database with the changes. Is it possible for slave KDC to propagate its database back to master? </P>
<P>3. How do I set the KDC time? Is there some kadmin options to do this?</P>
<P>Thanks,</P>
<P>Monica</P>
<P><BR>
<HR SIZE=1>
<B>Do You Yahoo!?</B><BR><A href="http://health.yahoo.com/">Yahoo! Health</A> - Feel better, live better</BLOCKQUOTE></BLOCKQUOTE><p><br><hr size=1><b>Do You Yahoo!?</b><br>
<a href="http://health.yahoo.com/">Yahoo! Health</a> - Feel better, live better