Does kadmind work on a multi-realm KDC?

Dr. Greg Wettstein greg at wind.enjellic.com
Thu Sep 4 13:06:22 EDT 2003 

On Sep 3,  8:52pm, Garrett Wollman wrote:
} Subject: Does kadmind work on a multi-realm KDC?

Hi Garrett, hope the day is going well for you.

> We're migrating from an old realm name to a new one.  I staged the
> setup of the new realm on the backup KDC, and kadmind worked fine
> there, but once I moved everything over to the primary KDC, there did
> not seem to be any way to make kadmind work for both realms
> simultaneously.  I tried giving both realms on the command line, but
> an inspection of the source code suggests that kadmind is very certain
> about only being about to support one realm at a time.  I tried
> starting two kadminds, one for each realm, specifying an alternate
> port, but that didn't work either as there is no way to specify a
> different changepw port on the command line.
> 
> What am I missing?  Any workarounds?  Is this fixed in the most recent
> release?

We've had experience supporting multi realms on a single server.  Here
is what you want to do:

1.) Start one instance of kadmind for each realm that you want to
    administrate.  Use the -r switch on the commandline to specify the
    realm that will be managed, ie:

	kadmind -r SOME.REALM

2.) Use the following two directives in the realm stanza in the
    kdc.conf file to specify the ports that the administrative deamon
    will listen on for RPC administrative traffic and password
    changes:

	kadmind_port = NNN
	kpasswd_port = NNN

    You will want to choose port numbers in the restricted, ie. <
    1024, range.

It all works pretty nicely and without problems once you set things up
properly.

> - -GAWollman

Good luck with your project.

}-- End of excerpt from Garrett Wollman

As always,
Dr. G.W. Wettstein, Ph.D.   Enjellic Systems Development, LLC.
4206 N. 19th Ave.           Specializing in information infra-structure
Fargo, ND  58102            development.
PH: 701-281-4950            WWW: http://www.enjellic.com
FAX: 701-281-3949           EMAIL: greg at enjellic.com
------------------------------------------------------------------------------
"Because the innovator has for enemies all those who have done well
under the old conditions, and lukewarm defenders in those who may do
well under the new."
                                 -- Niccolo Machiavelli
                                    _The Prince_, Chapter VI

More information about the Kerberos mailing list