MIT Incremental Propagation
Ken Raeburn
raeburn at MIT.EDU
Fri Sep 21 16:52:59 EDT 2007
On Sep 21, 2007, at 16:08, John Hascall wrote:
> I haven't studied it all that extensively,
> so correct me if I am wrong, but with the
> new "DAL" stuff there is now an opportunity
> to do a 'proper' job of multi-master KDCs
> (dare I say it) in a "ubik-like" or "AD-like"
> manner.
Yes, that's exactly right. At least, in theory; I haven't tried it.
Using the LDAP back end -- ah, as I see Nico was just saying -- will
get you a common database shared across the KDCs, and leaves the
replication mechanism, if any, to the LDAP administrator.
Building something on Ubik might be a possibility. I'm not that
familiar with it beyond "oh, that thing in AFS", but if it meets the
performance requirements for a KDC, yes, it could work.
More information about the Kerberos
mailing list