Multi-master KDCs
Digant Kasundra
digant at uta.edu
Wed Mar 24 15:08:39 EST 2004
I wonder why the patches have not been accepted into MIT Kerberos if MIT is
looking for that functionality? Oh well.
I think "multimaster" or something of that sort is pretty much of interest
to me b/c I want multiple machines to be able to service password changes.
-----Original Message-----
From: Sam Hartman
To: Digant Kasundra
Cc: 'kerberos at mit.edu'
Sent: 3/24/2004 2:03 PM
Subject: Re: Multi-master KDCs
Not having incremental propagation support for database changes is a
problem for MIT Kerberos in some environments; it is a problem we'd
like to fix. Transferring the entire database can be expensive over
some network links.
There are a few environments where multi-master is a requirement. But
getting multi-master right is hard and so far has not been worth the
necessary time for either Heimdal or MIT Kerberos.
I believe that people have evaluated the incremental propagation
solutions with an assumption that some day they may need to support
multi-master.
More information about the Kerberos
mailing list