"If you choose to install a stash file..."
Daniel Kahn Gillmor
dkg-mit.edu at fifthhorseman.net
Wed Jan 10 00:51:46 EST 2007
Sorry to be late for this discussion of the stash file.

In addition to needing to enter a passphrase to launch krb5kdc (with
the -m option), it looks like kdb5_util will also need a passphrase,
understandably.

This means that the traditional cronjob-triggered kprop -> kpropd
replication won't work either, right?

Any suggestions for how to do speedy, automatic replication between
stashless KDCs?

i've got GSSAPI-enabled ssh functioning, so i was considering just
moving the entire principal.* fileset across the network with rsync,
but i'm not sure what would be necessary for the slave kdc to notice
that its database has been changed. Can i send a SIGHUP or something
similar to get it to rescan, without needing to enter the master key
by hand again?

Is there some other method i could use to have a replicated, stashless
krb5 domain?

Thanks for any suggestions you might have,

--dkg