Moving kerberos infrastructure

Jason L Tibbitts III tibbs at math.uh.edu
Wed Dec 12 01:07:03 EST 2007


I know just enough about Kerberos to screw things up badly, and I'm
faced with my krb infrastructure running on hardware that is getting
old enough to start having issues.  I have plenty of admin experience
but for some reason I can never manage to wrap my head around all of
the Kerberos intricacies at once.

What I need to do is move both my primary and secondary KDCs to
different machines.  Not necessarily both at the same time, mind you,
but everything does need to move eventually.  I'm pretty sure I can
move the secondary without totally hosing everything but I'm not at
all sure how to move the primary.  Does anyone have any handy pointers
to documentation on doing this, or any tips?

Both servers are running MIT krb5 1.3.6.  Nothing special as far as I
know.  The clients have the servers listed by DNS alias in krb5.conf;
I'm not using SRV records but at least things aren't listed by IP.

 - J<


