[krbdev.mit.edu #8945] krb5kdc: the 32 realms limit

Дилян Палаузов via RT rt at krbdev.mit.edu
Tue Sep 8 14:57:43 EDT 2020


<URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=8945 >

Hello,

In my use case, all things shall go in a single Kerberos Database
(KDB), all under LDAP (kldap).  Say it this way: I want to have many
users, and each user gets a separate domain.  REALM=DOMAIN.  So there
are many realms with very few users in each.

Greetings
  Dilyan

On Tue, 2020-09-08 at 13:20 -0400, Greg Hudson via RT wrote:
> For your use case, would it be better to have a separate KDB for each
> realm (implying separate storage, propagation, and backup), or have
> one KDB to which realms could be added and removed?
>
> To answer one of your questions, if you ran two separate krb5kdc
> processes each with 31 -r options to get around the current 32-realm
> limitation, they would have to serve different ports.