Is Kerberos manageable on large scale?

[Chuck Yerkes]

Richard Gundersen wrote:

> Hi
> 
> I am evaluating the suitability of Kerberos for a large scale 
> implementation (100's of users), where the apps will primarily be 
> running on Java App servers. I have MIT working in a test environment 
> (Linux server, Windows clients, custom Java apps) but I'm worried about 
> how easy it is to manage principles etc etc on a large scale.
> 
> Kadmin works fine at the current scale but in a real implementation I 
> don't want to have to use kadmin from the console to manage user. In 
> fact this job will be given to a userwho will certainly not want to 
> start writing scripts/SSH'ing to the server.
> 
> Ideally a web app front end would be written - but so far from the 
> documentation and books I've read, there's no easy way to communicate 
> with kadmin (I'm thinking a nice C or Java API here). Surely this must 
> be possible with one of the open source versions available.

Er, like Moira was a front end to kerberos (and hesiod and the rest
of athena).

Recall that project athena ran on hundreds or thousands of machines
when 12MHz was fast.

I dealt with it for several hundred when 30MHz where the quick machines.



> Has anyone else tried this? Would really appreciate an answer even if 
> it's just a simple 'yes, it's possible'