Multi-master KDCs

Digant Kasundra digant at uta.edu
Wed Mar 24 15:08:39 EST 2004


I wonder why the patches have not been accepted into MIT Kerberos if MIT is
looking for that functionality?  Oh well.

I think "multimaster" or something of that sort is pretty much of interest
to me b/c I want multiple machines to be able to service password changes.

-----Original Message-----
From: Sam Hartman
To: Digant Kasundra
Cc: 'kerberos at mit.edu'
Sent: 3/24/2004 2:03 PM
Subject: Re: Multi-master KDCs


Not having incremental propagation support for database changes is a
problem for MIT Kerberos in some environments; it is a problem we'd
like to fix.  Transferring the entire database can be expensive over
some network links.

There are a few environments where multi-master is a requirement.  But
getting multi-master right is hard and so far has not been worth the
necessary time for either Heimdal or MIT Kerberos.

I believe that people have evaluated the incremental propagation
solutions with an assumption that some day they may need to support
multi-master.



More information about the Kerberos mailing list