MIT Incremental Propagation

Ken Raeburn raeburn at MIT.EDU
Fri Sep 21 16:52:59 EDT 2007


On Sep 21, 2007, at 16:08, John Hascall wrote:
> I haven't studied it all that extensively,
> so correct me if I am wrong, but with the
> new "DAL" stuff there is now an opportunity
> to do a 'proper' job of multi-master KDCs
> (dare I say it) in a "ubik-like" or "AD-like"
> manner.

Yes, that's exactly right.  At least, in theory; I haven't tried it.   
Using the LDAP back end -- ah, as I see Nico was just saying -- will  
get you a common database shared across the KDCs, and leaves the  
replication mechanism, if any, to the LDAP administrator.

Building something on Ubik might be a possibility.  I'm not that  
familiar with it beyond "oh, that thing in AFS", but if it meets the  
performance requirements for a KDC, yes, it could work.





More information about the Kerberos mailing list