kerberos password change in master-slave environ

Sam Hartman hartmans at MIT.EDU
Wed Mar 24 18:40:26 EST 2004


>>>>> "Digant" == Digant Kasundra <digant at uta.edu> writes:

    Digant> No, someone stated that a single KDC isn't a problem unless you have a
    Digant> couple thousand principals.  I was stating that we will have 43,000.  

    Digant> We haven't deployed yet.  We're still in a proof-of-concept phase.  Since we
    Digant> are moving away from a Microsoft environment, we're being challenged with
    Digant> making sure we aren't losing features we had with MS (like the multimaster
    Digant> DCs).

I'd be shocked if you had a problem with 43,000 and one KDC.


The reason most people want multiple KDCs is redundancy and locality.



More information about the Kerberos mailing list