MIT Incremental Propagation

Marcus Watts mdw at spam.ifs.umich.edu
Fri Sep 21 18:09:11 EDT 2007


> Date:    Fri, 21 Sep 2007 16:52:59 EDT
> To:      John Hascall <john at iastate.edu>
> cc:      harris at ucdavis.edu, kerberos at mit.edu
> From:    Ken Raeburn <raeburn at mit.edu>
> Subject: Re: MIT Incremental Propagation 
> 
> On Sep 21, 2007, at 16:08, John Hascall wrote:
> > I haven't studied it all that extensively,
> > so correct me if I am wrong, but with the
> > new "DAL" stuff there is now an opportunity
> > to do a 'proper' job of multi-master KDCs
> > (dare I say it) in a "ubik-like" or "AD-like"
> > manner.
> 
> Yes, that's exactly right.  At least, in theory; I haven't tried it.   
> Using the LDAP back end -- ah, as I see Nico was just saying -- will  
> get you a common database shared across the KDCs, and leaves the  
> replication mechanism, if any, to the LDAP administrator.
> 
> Building something on Ubik might be a possibility.  I'm not that  
> familiar with it beyond "oh, that thing in AFS", but if it meets the  
> performance requirements for a KDC, yes, it could work.

ubik basically just provides a replicated flat file with transactions.
All the database stuff that AFS does is layered on top of this,
but ubik proper doesn't provide a database, just a byte stream
with seek and a length.

				-Marcus Watts



More information about the Kerberos mailing list