Migrating a Kerberos Realm

Tim Mooney mooney at dogbert.cc.ndsu.NoDak.edu
Thu Nov 2 12:42:40 EST 2006

In regard to: Re: Migrating a Kerberos Realm, Ken Raeburn said (at 8:23pm...:

> You can, but you have to write the config files to specify different
> port numbers for them.  (The code doesn't currently support using
> only some of a machine's IP addresses, if you wanted to put one on
> one address and one on another.)  The code theoretically supports
> serving multiple realms out of one KDC process, too, but we don't
> test that functionality often.  I'd be interested in any observations
> if you try it.

We've done that (one KDC process serving 11 realms) for years.  It's
worked very well for us.

You have to run separate instances of kadmind on the master, which means
running them on different ports.  Propagation from the master to the
secondary(ies) also requires just a bit of extra config (the kpropds on
the secondary need to run on distinct ports), but it too is possible.

Tim Mooney                              mooney at dogbert.cc.ndsu.NoDak.edu
Information Technology Services         (701) 231-1076 (Voice)
Room 242-J6, IACC Building              (701) 231-8541 (Fax)
North Dakota State University, Fargo, ND 58105-5164
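
The layout described in this message, sketched as an added example that is not part of the original post or Tim Mooney's actual configuration. It assumes MIT krb5; the realm names, host name, file paths and non-default port numbers are constructed placeholders.

```ini
# kdc.conf on the master -- constructed example, two realms shown.
# Each realm keeps its own database, stash file and kadm5 ACL file.
[kdcdefaults]
    kdc_ports = 88

[realms]
    A.EXAMPLE.EDU = {
        database_name  = /var/krb5kdc/principal.a
        key_stash_file = /var/krb5kdc/.k5.A.EXAMPLE.EDU
        acl_file       = /var/krb5kdc/kadm5.a.acl
        kadmind_port   = 749
        kpasswd_port   = 464
    }
    B.EXAMPLE.EDU = {
        database_name  = /var/krb5kdc/principal.b
        key_stash_file = /var/krb5kdc/.k5.B.EXAMPLE.EDU
        acl_file       = /var/krb5kdc/kadm5.b.acl
        # A second kadmind cannot bind the ports the first one holds,
        # so this realm gets its own admin and password-change ports.
        kadmind_port   = 750
        kpasswd_port   = 465
    }

# One KDC process for all realms (repeat -r once per realm):
#   krb5kdc -r A.EXAMPLE.EDU -r B.EXAMPLE.EDU
#
# One kadmind per realm on the master, each on its own port:
#   kadmind -r A.EXAMPLE.EDU -port 749
#   kadmind -r B.EXAMPLE.EDU -port 750
#
# One kpropd per realm on each secondary, each on its own port and
# with its own incoming dump file:
#   kpropd -S -r A.EXAMPLE.EDU -P 754 -f /var/krb5kdc/from_master.a
#   kpropd -S -r B.EXAMPLE.EDU -P 755 -f /var/krb5kdc/from_master.b
#
# Propagation from the master, matching the realm to its kpropd port:
#   kdb5_util -r A.EXAMPLE.EDU dump /var/krb5kdc/slave_datatrans.a
#   kprop -r A.EXAMPLE.EDU -P 754 -f /var/krb5kdc/slave_datatrans.a kdc2.example.edu
#   kdb5_util -r B.EXAMPLE.EDU dump /var/krb5kdc/slave_datatrans.b
#   kprop -r B.EXAMPLE.EDU -P 755 -f /var/krb5kdc/slave_datatrans.b kdc2.example.edu
```

Clients of a realm whose kadmind runs on a non-default port need the matching port in the `admin_server` entry for that realm in their krb5.conf.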
