Using Solaris 10 kadmin with MIT 1.4.1 kadmind

Douglas E. Engert deengert at anl.gov
Fri Jun 3 15:16:09 EDT 2005



Nicolas Williams wrote:

> On Fri, Jun 03, 2005 at 01:47:40PM -0500, Douglas E. Engert wrote:
> 
>>                                       Is this some gss implementation
>>imposed restriction?
> 
> 
> An RPCSEC_GSS API issue.
> 
> 
>>What this means is that a kadmind can only serve a single realm.
> 
> 
> We've never claimed to support more than one.  IIRC neither has MIT, but
> I'm sure someone will correct me if I'm wrong :)

OK... the MIT man page for krb5kdc says:
"The KDC may service requests for multiple realms (maximum 32 realms)"
and the man page for kadmind talks about serving multiple realms,
but I don't see how it does.

It's not clear how much this is actually used, but someone
might run into this problem. Our intent is to have the kdc and kadmind
serve only one realm, and the server hosts will be in that realm,
so the checking of the realm of the kadmind server host is not a real problem.


> 
> 
>>This looks like a Solaris bug to me.
> 
> 
> And to me.
> 
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

