Replication of password base AD -> MIT

Tobias Schenk schenk_remove_this_ at physik.tu-berlin.de
Wed Sep 8 18:11:28 EDT 2004


Hi,

I have the following problem:
I want to setup a win2003 domain controller using Kerberos.
Also I have a linux machine which should offer many network services
(SMTP, POP,...). These should also use Kerberos to make it convenient
for the users. 
The drawback is that if the win box crashes, also the linux service
become unavailable. 
I thought it would be best to run a KDC on linux also and have the
password base synced. I know it contradicts somehow the idea of the
Kerberos topology.Anyway I have read that Kerberos can push its
password base to slave-KDCs but I have not found info on how to make
windows push this. I fear by their 'special' implementation and AD
they dont find it necessary. 
Is there something like a pull or replicate mechanism?
Or is it just a stupid idea (as you see i am no krb professional) ?

Thanks, 

Tobias


More information about the Kerberos mailing list